vulnerability
Red Hat: CVE-2019-19330: CVE-2019-19330 haproxy: HTTP/2 implementation vulnerable to intermediary encapsulation attacks (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | Nov 27, 2019 | Apr 29, 2020 | Mar 27, 2026 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
Nov 27, 2019
Added
Apr 29, 2020
Modified
Mar 27, 2026
Description
The HTTP/2 implementation in HAProxy before 2.0.10 mishandles headers, as demonstrated by carriage return (CR, ASCII 0xd), line feed (LF, ASCII 0xa), and the zero character (NUL, ASCII 0x0), aka Intermediary Encapsulation Attacks.
Solutions
redhat-upgrade-haproxyredhat-upgrade-haproxy-debuginforedhat-upgrade-haproxy-debugsource
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.