← voltar
CVE-2019-9900

CVE-2019-9900

CVSS 6.5 MEDIUMEPSS 3.7%
When parsing HTTP/1.x header values, Envoy 1.9.0 and before does not reject embedded zero characters (NUL, ASCII 0x0). This allows remote attackers crafting header values containing embedded NUL characters to potentially bypass header matching rules, gaining access to unauthorized resources.
CVSS:3.0/AC:H/AV:N/A:L/C:L/I:L/PR:N/S:C/UI:N
Produtos afetados
n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://access.redhat.com/errata/RHSA-2019:0741https://github.com/envoyproxy/envoy/issues/6434https://github.com/envoyproxy/envoy/security/advisories/GHSA-x74r-f4mw-c32hhttps://groups.google.com/forum/#%21topic/envoy-announce/VoHfnDqZiAMhttps://www.envoyproxy.io/docs/envoy/v1.9.1/intro/version_history