CVE-2019-18802 - Unspecified vulnerability in Envoyproxy Envoy

CVSS 9.8 - CRITICAL

  • Attack vector: NETWORK
  • Attack complexity: LOW
  • Privileges required: NONE
  • Confidentiality impact: HIGH
  • Integrity impact: HIGH
  • Availability impact: HIGH

Summary

An issue was discovered in Envoy 1.12.0. An untrusted remote client may send an HTTP header (such as Host) with whitespace after the header content. Envoy treats "header-value " as a different string from "header-value", so, for example, a Host header of "example.com " could bypass "example.com" matchers.

Nessus

  • NASL family: PhotonOS Local Security Checks
    NASL id: PHOTONOS_PHSA-2020-2_0-0207_ENVOY.NASL
    description: An update of the envoy package has been released.
    last seen: 2020-03-17
    modified: 2020-02-13
    plugin id: 133687
    published: 2020-02-13
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/133687
    title: Photon OS 2.0: Envoy PHSA-2020-2.0-0207
  • NASL family: PhotonOS Local Security Checks
    NASL id: PHOTONOS_PHSA-2020-1_0-0281_ENVOY.NASL
    description: An update of the envoy package has been released.
    last seen: 2020-03-17
    modified: 2020-03-02
    plugin id: 134206
    published: 2020-03-02
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/134206
    title: Photon OS 1.0: Envoy PHSA-2020-1.0-0281
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2020-0722-1.NASL
    description: This update for nghttp2 fixes the following issues: nghttp2 was updated to version 1.40.0 (bsc#1166481)
      - lib: Add nghttp2_check_authority as public API
      - lib: Fix the bug that stream is closed with wrong error code
      - lib: Faster huffman encoding and decoding
      - build: Avoid filename collision of static and dynamic lib
      - build: Add new flag ENABLE_STATIC_CRT for Windows
      - build: cmake: Support building nghttpx with systemd
      - third-party: Update neverbleed to fix memory leak
      - nghttpx: Fix bug that mruby is incorrectly shared between backends
      - nghttpx: Reconnect h1 backend if it lost connection before sending headers
      - nghttpx: Returns 408 if backend timed out before sending headers
      - nghttpx: Fix request stal
      Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-03-26
    modified: 2020-03-20
    plugin id: 134757
    published: 2020-03-20
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/134757
    title: SUSE SLED15 / SLES15 Security Update : nghttp2 (SUSE-SU-2020:0722-1)
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2020-379.NASL
    description: This update for nghttp2 fixes the following issues: nghttp2 was updated to version 1.40.0 (bsc#1166481)
      - lib: Add nghttp2_check_authority as public API
      - lib: Fix the bug that stream is closed with wrong error code
      - lib: Faster huffman encoding and decoding
      - build: Avoid filename collision of static and dynamic lib
      - build: Add new flag ENABLE_STATIC_CRT for Windows
      - build: cmake: Support building nghttpx with systemd
      - third-party: Update neverbleed to fix memory leak
      - nghttpx: Fix bug that mruby is incorrectly shared between backends
      - nghttpx: Reconnect h1 backend if it lost connection before sending headers
      - nghttpx: Returns 408 if backend timed out before sending headers
      - nghttpx: Fix request stal
      This update was imported from the SUSE:SLE-15:Update update project.
    last seen: 2020-03-31
    modified: 2020-03-26
    plugin id: 134934
    published: 2020-03-26
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/134934
    title: openSUSE Security Update : nghttp2 (openSUSE-2020-379)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2019-4222.NASL
    description: Red Hat OpenShift Service Mesh 1.0.3. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat OpenShift Service Mesh is Red Hat
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 132031
    published: 2019-12-13
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/132031
    title: RHEL 8 : Red Hat OpenShift Service Mesh 1.0.3 RPMs (RHSA-2019:4222)

Redhat

rpms
  • kiali-0:v1.0.8.redhat1-1.el7
  • servicemesh-0:1.0.3-1.el8
  • servicemesh-citadel-0:1.0.3-1.el8
  • servicemesh-cni-0:1.0.3-1.el8
  • servicemesh-galley-0:1.0.3-1.el8
  • servicemesh-grafana-0:6.2.2-25.el8
  • servicemesh-grafana-prometheus-0:6.2.2-25.el8
  • servicemesh-istioctl-0:1.0.3-1.el8
  • servicemesh-mixc-0:1.0.3-1.el8
  • servicemesh-mixs-0:1.0.3-1.el8
  • servicemesh-operator-0:1.0.3-1.el8
  • servicemesh-pilot-agent-0:1.0.3-1.el8
  • servicemesh-pilot-discovery-0:1.0.3-1.el8
  • servicemesh-prometheus-0:2.7.2-26.el8
  • servicemesh-proxy-0:1.0.3-1.el8
  • servicemesh-sidecar-injector-0:1.0.3-1.el8