CVE-2019-9900

high

Description

When parsing HTTP/1.x header values, Envoy 1.9.0 and earlier does not reject embedded zero characters (NUL, ASCII 0x00). A remote attacker who can craft a header value containing an embedded NUL may be able to bypass header matching rules and gain access to resources the rules were meant to protect, because a length-aware component and a NUL-terminated (C string) component can see different values for the same header. The fix, in Envoy 1.9.1, rejects such requests.
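The following is an added, constructed illustration of this bug class; it is not Envoy's code and does not reproduce Envoy's internal header matcher. It parses an HTTP/1.x request head two ways: leniently (the NUL is kept in the value, modelling the pre-1.9.1 behaviour) and strictly (any control character in a field value is a hard error, the RFC 7230 field-value grammar and the 1.9.1-style response). It then shows why the lenient path is dangerous: an exact-match deny rule evaluated over the full value does not fire, while a consumer that reads the value as a C string sees the value truncated at the NUL. The request bytes, the header name `X-Admin`, and the rule are assumptions made up for the example.

```python
"""Constructed illustration of the CVE-2019-9900 bug class (added example,
not Envoy code): a header value with an embedded NUL is one string to a
length-aware parser and a shorter string to a C-string consumer."""
import re
from typing import Dict

NUL = "\x00"

# RFC 7230 field-value bytes: HTAB, SP, VCHAR (0x21-0x7E) and obs-text
# (0x80-0xFF). Anything else (NUL, other CTLs, DEL) is rejected.
_FIELD_VALUE_RE = re.compile(r"[\t\x20-\x7e\x80-\xff]*")


class BadRequest(ValueError):
    """Raised when the header block should be answered with 400."""


def parse_headers(raw: bytes, reject_ctl: bool = True) -> Dict[str, str]:
    """Parse an HTTP/1.x request head into a lower-cased name -> value dict.

    reject_ctl=True  : NUL or any other control character in a value is an
                       error (the hardened behaviour).
    reject_ctl=False : the NUL is kept in the value (models the pre-fix path).
    """
    text = raw.decode("latin-1")            # bytes map 1:1 to code points
    head = text.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    if not lines[0]:
        raise BadRequest("missing request line")
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon or not name or name != name.strip():
            raise BadRequest(f"malformed header line {line!r}")
        value = value.strip(" \t")          # OWS around the field value
        if reject_ctl and not _FIELD_VALUE_RE.fullmatch(value):
            raise BadRequest(f"control character in header {name!r}")
        headers[name.lower()] = value
    return headers


def c_string_view(value: str) -> str:
    """What a NUL-terminated C string consumer sees for this value."""
    return value.split(NUL, 1)[0]


def matches_exact(headers: Dict[str, str], name: str, expected: str) -> bool:
    """Proxy-side exact header match over the full, length-aware value."""
    return headers.get(name.lower()) == expected


def demo() -> dict:
    # Constructed request: the attacker appends NUL plus junk to the value
    # of a hypothetical X-Admin header that a deny rule checks for "true".
    evil = (b"GET /admin HTTP/1.1\r\n"
            b"Host: example.test\r\n"
            b"X-Admin: true\x00x\r\n\r\n")
    lenient = parse_headers(evil, reject_ctl=False)
    # The deny rule compares "true\x00x" with "true": no match, request passes.
    deny_rule_fires = matches_exact(lenient, "x-admin", "true")
    # A C-string consumer upstream stops at the NUL and sees exactly "true".
    upstream_sees = c_string_view(lenient["x-admin"])
    # The hardened parser refuses the request outright.
    try:
        parse_headers(evil, reject_ctl=True)
        strict_rejected = False
    except BadRequest:
        strict_rejected = True
    return {"deny_rule_fires": deny_rule_fires,
            "upstream_sees": upstream_sees,
            "strict_rejected": strict_rejected}


if __name__ == "__main__":
    print(demo())
```

The practical check is the strict path: any proxy or parser in front of a C or C++ backend should reject (400) a field value containing NUL rather than forward it, since no header-matching rule evaluated on the full value can be trusted to agree with what a NUL-terminated consumer will act on.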

References

https://www.envoyproxy.io/docs/envoy/v1.9.1/intro/version_history

https://groups.google.com/forum/#%21topic/envoy-announce/VoHfnDqZiAM

https://github.com/envoyproxy/envoy/security/advisories/GHSA-x74r-f4mw-c32h

https://github.com/envoyproxy/envoy/issues/6434

https://access.redhat.com/errata/RHSA-2019:0741

Details

Source: MITRE, NVD

Published: 2019-04-25

Updated: 2023-11-07

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 8.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

Severity: High