Lucene search
PRIOn knowledge basePRION:CVE-2019-9901HistoryApr 25, 2019 - 4:29 p.m.
Improper access control
2019-04-2516:29:00
PRIOn knowledge base
www.prio-n.com
6
Envoy 1.9.0 and before does not normalize HTTP URL paths. A remote attacker may craft a relative path, e.g., something/…/admin, to bypass access control, e.g., a block on /admin. A backend server could then interpret the non-normalized path and provide an attacker access beyond the scope provided for by the access control policy.
Related
veracode
veracode
Access Control Bypass
2019-05-16 03:58:57
github
github
EnvoyProxy Envoy Missing HTTP URL path normalization
2022-05-24 16:44:38
cve
cve
CVE-2019-9901
2019-04-25 16:29:01
redhatcve
redhatcve
CVE-2019-9901
2019-04-09 13:20:08
nvd
nvd
CVE-2019-9901
2019-04-25 16:29:01
cvelist
cvelist
CVE-2019-9901
2019-04-25 15:31:19
osv
osv
CVE-2019-9901
2019-04-25 16:29:01
EnvoyProxy Envoy Missing HTTP URL path normalization
2022-05-24 16:44:38
nessus
nessus
RHEL 7 : openshift (RHSA-2019:0741)
2019-04-15 00:00:00
Photon OS 1.0: Envoy PHSA-2019-1.0-0241
2019-07-04 00:00:00
redhat
redhat
(RHSA-2019:0741) Important: Istio-Proxy Security Update
2019-04-10 20:25:22
photon
photon
freebsd
freebsd
Istio -- Security vulnerabilities
2019-03-29 00:00:00