Rapid7

FreeBSD: VID-484d3f5e-653a-11e9-b0e3-1c39475b9f84 (CVE-2019-9900): Istio -- Security vulnerabilities

Severity: 7
CVSS: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published: Apr 22, 2019
Added: Apr 23, 2019
Modified: Jun 15, 2026

Description

When parsing HTTP/1.x header values, Envoy 1.9.0 and before does not reject embedded zero characters (NUL, ASCII 0x0). This allows remote attackers crafting header values containing embedded NUL characters to potentially bypass header matching rules, gaining access to unauthorized resources.
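
The block below is an added illustration, not code from Envoy, Istio, or this advisory. It assumes, for illustration only, a matcher that compares header values as NUL-terminated C strings, and shows how that view disagrees with a length-aware view of the same bytes and how rejecting embedded NUL before matching removes the disagreement; all function names and the sample value are constructed.

```cpp
#include <cstdio>
#include <cstring>
#include <string>
#include <string_view>

// Hypothetical helper names; this is not Envoy's implementation.

// Length-aware validation: true only if the value has no embedded NUL (0x00).
bool header_value_is_clean(std::string_view value) {
    return value.find('\0') == std::string_view::npos;
}

// Assumed weak matcher: compares as a C string, so every byte after the
// first NUL is invisible to the comparison.
bool cstring_exact_match(const std::string& value, const char* expected) {
    return std::strcmp(value.c_str(), expected) == 0;
}

// Length-aware matcher: compares all bytes of the value.
bool full_exact_match(std::string_view value, std::string_view expected) {
    return value == expected;
}

enum class Decision { Reject, Match, NoMatch };

// Hardened evaluation: refuse the value before any matching rule runs.
Decision evaluate(std::string_view value, std::string_view expected) {
    if (!header_value_is_clean(value)) return Decision::Reject;
    return full_exact_match(value, expected) ? Decision::Match
                                             : Decision::NoMatch;
}

// Constructed sample value: 10 bytes with a NUL at index 5.
const std::string kSample("alpha\0beta", 10);

int main() {
    std::printf("C-string view matches \"alpha\": %d\n",
                cstring_exact_match(kSample, "alpha"));
    std::printf("length-aware view matches \"alpha\": %d\n",
                full_exact_match(kSample, "alpha"));
    std::printf("hardened evaluation rejects the value: %d\n",
                evaluate(kSample, "alpha") == Decision::Reject);
    return 0;
}
```
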

Solution

freebsd-upgrade-package-istio