CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2019-14243

headerv2.go in mastercactapus proxyprotocol before 0.0.2, as used in the mastercactapus caddy-proxyprotocol plugin through 0.0.2 for Caddy, allows remote attackers to cause a denial of service (webserver panic and daemon crash) via a crafted HAProxy PROXY v2 request with truncated source/destination address data.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 58.5%

CVSS Severity

CVSS v3 Score 7.5

CVSS v2 Score 5.0

References

https://caddy.community/t/dos-in-http-proxyprotocol-plugin/6014
https://github.com/mastercactapus/caddy-proxyprotocol/issues/8
https://github.com/mastercactapus/proxyprotocol/commit/5c4a101121fc3e868026189c7a73f7f19eef90ac
https://github.com/mastercactapus/proxyprotocol/compare/ef496d7...5c4a101
https://github.com/mastercactapus/proxyprotocol/issues/1
https://github.com/mastercactapus/proxyprotocol/releases/tag/v0.0.2
https://caddy.community/t/dos-in-http-proxyprotocol-plugin/6014
https://github.com/mastercactapus/caddy-proxyprotocol/issues/8
https://github.com/mastercactapus/proxyprotocol/commit/5c4a101121fc3e868026189c7a73f7f19eef90ac
https://github.com/mastercactapus/proxyprotocol/compare/ef496d7...5c4a101
https://github.com/mastercactapus/proxyprotocol/issues/1
https://github.com/mastercactapus/proxyprotocol/releases/tag/v0.0.2

Products affected by CVE-2019-14243

Haproxy » Proxyprotocol » Version: N/A

cpe:2.3:a:haproxy:proxyprotocol:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-14243

Products

Pricing

Contact Us