CVE-2019-9900 Information

Description

When parsing HTTP/1.x header values, Envoy 1.9.0 and earlier does not reject embedded zero characters (NUL, ASCII 0x00). Remote attackers who craft header values containing embedded NUL characters can potentially bypass header matching rules and gain access to unauthorized resources.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

Reference

https://access.redhat.com/errata/RHSA-2019:0741
https://github.com/envoyproxy/envoy/issues/6434
https://github.com/envoyproxy/envoy/security/advisories/GHSA-x74r-f4mw-c32h
https://groups.google.com/forum/!topic/envoy-announce/VoHfnDqZiAM
https://www.envoyproxy.io/docs/envoy/v1.9.1/intro/version_history

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

Base Score

8.3

Base Severity

HIGH
