Skip to main content

Haproxy CVE-2019-14241

HIGH
Loop with Unreachable Exit Condition (Infinite Loop) (CWE-835)
2019-07-23 cve@mitre.org
7.5
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Jul 23, 2019 - 13:15 nvd
HIGH 7.5

DescriptionNVD

HAProxy through 2.0.2 allows attackers to cause a denial of service (ha_panic) via vectors related to htx_manage_client_side_cookies in proto_htx.c.

AnalysisAI

HAProxy through 2.0.2 allows attackers to cause a denial of service (ha_panic) via vectors related to htx_manage_client_side_cookies in proto_htx.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-835. HAProxy through 2.0.2 allows attackers to cause a denial of service (ha_panic) via vectors related to htx_manage_client_side_cookies in proto_htx.c. Affected products include: Haproxy. Version information: through 2.0.2.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2016-5360 HIGH
7.5 Jun 30

HAproxy 1.6.x before 1.6.6, when a deny comes from a reqdeny rule, allows remote attackers to cause a denial of service

CVE-2021-40346 HIGH POC
7.5 Sep 08

An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_header that can be exploited to perform an HTTP request

CVE-2019-18277 HIGH POC
7.5 Oct 23

A flaw was found in HAProxy before 2.0.6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no

CVE-2023-40225 HIGH POC
7.2 Aug 10

HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2

CVE-2019-8953 MEDIUM POC
6.1 Feb 20

The HAProxy package before 0.59_16 for pfSense has XSS via the desc (aka Description) or table_actionsaclN parameter, re

CVE-2019-19330 CRITICAL
9.8 Nov 27

The HTTP/2 implementation in HAProxy before 2.0.10 mishandles headers, as demonstrated by carriage return (CR, ASCII 0xd

CVE-2023-25725 CRITICAL
9.1 Feb 14

HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situatio

CVE-2026-55203 CRITICAL
9.0 Jun 18

FastCGI framing desynchronization in HAProxy through 3.4.0 stems from a 16-bit integer overflow in the fcgi_conn demux r

CVE-2014-6269 MEDIUM POC
5.0 Sep 30

Multiple integer overflows in the http_request_forward_body function in proto_http.c in HAProxy 1.5-dev23 before 1.5.4 a

CVE-2020-11100 HIGH
8.8 Apr 02

In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can w

CVE-2026-55204 HIGH
8.7 Jun 18

Denial of service in HAProxy through 3.4.0 allows remote unauthenticated attackers to crash worker processes by triggeri

CVE-2023-45539 HIGH
8.2 Nov 28

HAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers to obtain sensitive info

Share

CVE-2019-14241 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy