Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Envoy Proxy Improper Input Validation Vulnerability - CVE-2019-9900 - Vulnerability Database
Envoy Proxy

Envoy Proxy Improper Input Validation Vulnerability - CVE-2019-9900

High
Reference: CVE-2019-9900
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2019-9900
Title: Envoy Proxy Improper Input Validation Vulnerability
Overview:

When parsing HTTP/1.x header values Envoy 1.9.0 and before does not reject embedded zero characters (NUL ASCII 0x0). This allows remote attackers crafting header values containing embedded NUL characters to potentially bypass header matching rules gaining access to unauthorized resources.