Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Envoy Proxy Use of Incorrectly-Resolved Name or Reference Vulnerability - CVE-2019-9901 - Vulnerability Database
Envoy Proxy

Envoy Proxy Use of Incorrectly-Resolved Name or Reference Vulnerability - CVE-2019-9901

Critical
Reference: CVE-2019-9901
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2019-9901
Title: Envoy Proxy Use of Incorrectly-Resolved Name or Reference Vulnerability
Overview:

Envoy 1.9.0 and before does not normalize HTTP URL paths. A remote attacker may craft a relative path e.g. something/../admin to bypass access control e.g. a block on /admin. A backend server could then interpret the non-normalized path and provide an attacker access beyond the scope provided for by the access control policy.