FreeBSD: VID-484D3F5E-653A-11E9-B0E3-1C39475B9F84 (CVE-2019-9900): Istio -- Security vulnerabilities
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
8 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | Mar 29, 2019 | Apr 23, 2019 | May 7, 2019 |
Description
When parsing HTTP/1.x header values, Envoy 1.9.0 and earlier does not reject embedded zero characters (NUL, ASCII 0x0). This allows remote attackers who craft header values containing embedded NUL characters to potentially bypass header matching rules and gain access to unauthorized resources.
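The sketch below is an added example, not code from the advisory or from the Envoy project. It assumes a length-aware exact-match deny rule in front of a consumer that reads the same value as a NUL-terminated string, and shows why rejecting NUL before matching closes the gap; all function names and the sample value are constructed for illustration.

```cpp
#include <iostream>
#include <string>

// Constructed sample: the bytes "blocked", one NUL, then "pad" (11 bytes).
const std::string kCrafted("blocked\0pad", 11);

// Hypothetical deny rule: length-aware exact match on the header value.
bool policy_denies(const std::string& value, const std::string& denied) {
    return value == denied;
}

// What a consumer using NUL-terminated strings sees of the same bytes.
std::string as_c_string(const std::string& value) {
    return std::string(value.c_str());  // stops at the first NUL
}

// Hardened check: refuse any header value that contains a NUL byte.
bool header_value_is_valid(const std::string& value) {
    return value.find('\0') == std::string::npos;
}

// Returns true when the request must be rejected.
// validate=false models the affected behaviour, validate=true the fixed one.
bool reject_request(const std::string& value, const std::string& denied,
                    bool validate) {
    if (validate && !header_value_is_valid(value)) {
        return true;  // malformed value never reaches the matcher
    }
    return policy_denies(value, denied);
}

int main() {
    std::cout << std::boolalpha
              << "matcher sees " << kCrafted.size() << " bytes, consumer sees \""
              << as_c_string(kCrafted) << "\"\n"
              << "rejected without validation: "
              << reject_request(kCrafted, "blocked", false) << "\n"
              << "rejected with validation:    "
              << reject_request(kCrafted, "blocked", true) << "\n";
    return 0;
}
```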
Solution
freebsd-upgrade-package-istio