Vulnerability Description
When parsing HTTP/1.x header values, Envoy 1.9.0 and before does not reject embedded zero characters (NUL, ASCII 0x0). This allows remote attackers crafting header values containing embedded NUL characters to potentially bypass header matching rules, gaining access to unauthorized resources.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Envoyproxy | Envoy | <= 1.9.0 |
| Redhat | Openshift Service Mesh | - |
Related Weaknesses (CWE)
References
- https://access.redhat.com/errata/RHSA-2019:0741Third Party Advisory
- https://github.com/envoyproxy/envoy/issues/6434ExploitIssue TrackingThird Party Advisory
- https://github.com/envoyproxy/envoy/security/advisories/GHSA-x74r-f4mw-c32hExploitMitigationThird Party Advisory
- https://groups.google.com/forum/#%21topic/envoy-announce/VoHfnDqZiAM
- https://www.envoyproxy.io/docs/envoy/v1.9.1/intro/version_historyRelease NotesVendor Advisory
- https://access.redhat.com/errata/RHSA-2019:0741Third Party Advisory
- https://github.com/envoyproxy/envoy/issues/6434ExploitIssue TrackingThird Party Advisory
- https://github.com/envoyproxy/envoy/security/advisories/GHSA-x74r-f4mw-c32hExploitMitigationThird Party Advisory
- https://groups.google.com/forum/#%21topic/envoy-announce/VoHfnDqZiAM
- https://www.envoyproxy.io/docs/envoy/v1.9.1/intro/version_historyRelease NotesVendor Advisory
FAQ
What is CVE-2019-9900?
CVE-2019-9900 is a vulnerability with a CVSS score of 8.3 (HIGH). When parsing HTTP/1.x header values, Envoy 1.9.0 and before does not reject embedded zero characters (NUL, ASCII 0x0). This allows remote attackers crafting header values containing embedded NUL chara...
How severe is CVE-2019-9900?
CVE-2019-9900 has been rated HIGH with a CVSS base score of 8.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-9900?
Check the references section above for vendor advisories and patch information. Affected products include: Envoyproxy Envoy, Redhat Openshift Service Mesh.