Vulnerability Description
An issue was discovered in Envoy 1.12.0. An untrusted remote client may send an HTTP header (such as Host) with whitespace after the header content. Envoy will treat "header-value " as a different string from "header-value" so for example with the Host header "example.com " one could bypass "example.com" matchers.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Envoyproxy | Envoy | <= 1.12.1 |
References
- http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00034.html
- https://blog.envoyproxy.ioProduct
- https://github.com/envoyproxy/envoy/commits/masterPatch
- https://github.com/envoyproxy/envoy/security/advisories/GHSA-356m-vhw2-wcm4ExploitThird Party Advisory
- https://groups.google.com/forum/#%21forum/envoy-users
- http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00034.html
- https://blog.envoyproxy.ioProduct
- https://github.com/envoyproxy/envoy/commits/masterPatch
- https://github.com/envoyproxy/envoy/security/advisories/GHSA-356m-vhw2-wcm4ExploitThird Party Advisory
- https://groups.google.com/forum/#%21forum/envoy-users
FAQ
What is CVE-2019-18802?
CVE-2019-18802 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An issue was discovered in Envoy 1.12.0. An untrusted remote client may send an HTTP header (such as Host) with whitespace after the header content. Envoy will treat "header-value " as a different str...
How severe is CVE-2019-18802?
CVE-2019-18802 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2019-18802?
Check the references section above for vendor advisories and patch information. Affected products include: Envoyproxy Envoy.