Vulnerabilities > CVE-2019-18802 - Unspecified vulnerability in Envoyproxy Envoy
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
An issue was discovered in Envoy 1.12.0. An untrusted remote client may send an HTTP header (such as Host) with whitespace after the header content. Envoy will treat "header-value " as a different string from "header-value" so for example with the Host header "example.com " one could bypass "example.com" matchers.
Vulnerable Configurations
Nessus
NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2020-2_0-0207_ENVOY.NASL description An update of the envoy package has been released. last seen 2020-03-17 modified 2020-02-13 plugin id 133687 published 2020-02-13 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/133687 title Photon OS 2.0: Envoy PHSA-2020-2.0-0207 NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2020-1_0-0281_ENVOY.NASL description An update of the envoy package has been released. last seen 2020-03-17 modified 2020-03-02 plugin id 134206 published 2020-03-02 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134206 title Photon OS 1.0: Envoy PHSA-2020-1.0-0281 NASL family SuSE Local Security Checks NASL id SUSE_SU-2020-0722-1.NASL description This update for nghttp2 fixes the following issues : nghttp2 was update to version 1.40.0 (bsc#1166481) lib: Add nghttp2_check_authority as public API lib: Fix the bug that stream is closed with wrong error code lib: Faster huffman encoding and decoding build: Avoid filename collision of static and dynamic lib build: Add new flag ENABLE_STATIC_CRT for Windows build: cmake: Support building nghttpx with systemd third-party: Update neverbleed to fix memory leak nghttpx: Fix bug that mruby is incorrectly shared between backends nghttpx: Reconnect h1 backend if it lost connection before sending headers nghttpx: Returns 408 if backend timed out before sending headers nghttpx: Fix request stal Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-26 modified 2020-03-20 plugin id 134757 published 2020-03-20 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134757 title SUSE SLED15 / SLES15 Security Update : nghttp2 (SUSE-SU-2020:0722-1) NASL family SuSE Local Security Checks NASL id OPENSUSE-2020-379.NASL description This update for nghttp2 fixes the following issues : nghttp2 was update to version 1.40.0 (bsc#1166481) - lib: Add nghttp2_check_authority as public API - lib: Fix the bug that stream is closed with wrong error code - lib: Faster huffman encoding and decoding - build: Avoid filename collision of static and dynamic lib - build: Add new flag ENABLE_STATIC_CRT for Windows - build: cmake: Support building nghttpx with systemd - third-party: Update neverbleed to fix memory leak - nghttpx: Fix bug that mruby is incorrectly shared between backends - nghttpx: Reconnect h1 backend if it lost connection before sending headers - nghttpx: Returns 408 if backend timed out before sending headers - nghttpx: Fix request stal This update was imported from the SUSE:SLE-15:Update update project. last seen 2020-03-31 modified 2020-03-26 plugin id 134934 published 2020-03-26 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134934 title openSUSE Security Update : nghttp2 (openSUSE-2020-379) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2019-4222.NASL description Red Hat OpenShift Service Mesh 1.0.3. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat OpenShift Service Mesh is Red Hat last seen 2020-06-01 modified 2020-06-02 plugin id 132031 published 2019-12-13 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/132031 title RHEL 8 : Red Hat OpenShift Service Mesh 1.0.3 RPMs (RHSA-2019:4222)
Redhat
rpms |
|
References
- http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00034.html
- http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00034.html
- https://blog.envoyproxy.io
- https://blog.envoyproxy.io
- https://github.com/envoyproxy/envoy/commits/master
- https://github.com/envoyproxy/envoy/commits/master
- https://github.com/envoyproxy/envoy/security/advisories/GHSA-356m-vhw2-wcm4
- https://github.com/envoyproxy/envoy/security/advisories/GHSA-356m-vhw2-wcm4
- https://groups.google.com/forum/#%21forum/envoy-users
- https://groups.google.com/forum/#%21forum/envoy-users