PT-2019-6099 · Haproxy+2

Japeldoorn · Published 2019-07-23 · Updated 2024-06-15 · CVE-2019-14241

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

HAProxy versions prior to 2.0.3
HAProxy through 2.0.2

Description

The issue is a denial-of-service condition caused by a loop with an unreachable exit condition (an infinite loop). A remote attacker can trigger it to cause a service disruption. The problem is in the `htx_manage_client_side_cookies` function in `proto_htx.c`.

Recommendations

For HAProxy versions through 2.0.2, consider updating to a version later than 2.0.2 to resolve the issue. As a temporary workaround, consider restricting access to the `proto_htx.c` module to minimize the risk of exploitation.

Exploit

Fix

DoS

Infinite Loop


Weakness Enumeration

Related Identifiers

ALT-PU-2019-2421
ALT-PU-2019-2422
BDU:2021-05300
CVE-2019-14241
OPENSUSE-SU-2019:2555-1
OPENSUSE-SU-2019:2556-1
OPENSUSE-SU-2019_2555-1
OPENSUSE-SU-2019_2556-1
OPENSUSE-SU-2024:10839-1
SUSE-SU-2019:3001-1
SUSE-SU-2019:3002-1
SUSE-SU-2019_3001-1
SUSE-SU-2019_3002-1

Affected Products

Alt Linux
Haproxy
Suse