CVE-2015-3281 HAProxy vulnerabilities





Versions Affected
  • HAProxy 1.5.x

It was discovered that HAProxy incorrectly handled certain buffers. A remote attacker could possibly use this issue to obtain sensitive information belonging to previous requests.

The Cloud Foundry project has released cf-release version 211, which includes the patched version of HAProxy.

Pivotal is releasing Pivotal Elastic Runtime 1.5.1 with this patched cf-release. The other Pivotal Cloud Foundry products do not expose this vulnerability to users of the system.

Affected Pivotal Products and Versions

Severity is medium unless otherwise noted.

  • All versions of Cloud Foundry cf-release 210 and prior have versions of HAProxy vulnerable to CVE-2015-3281
  • Pivotal CF Elastic Runtime 1.5.0 and earlier versions

Users of affected versions should apply the following mitigation:

  • The Cloud Foundry project recommends that Cloud Foundry Runtime Deployments run with cf-release 211 or later as those releases become available; they contain the patched version of HAProxy that resolves CVE-2015-3281.
  • Pivotal recommends that customers upgrade to Pivotal CF Elastic Runtime 1.5.1 or later as the versions become available.

No names were given in the announcement.