Lucene search
Veracode Vulnerability DatabaseVERACODE:20205HistoryMay 16, 2019 - 3:58 a.m.
Access Control Bypass
2019-05-1603:58:57
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
0.004 Low
EPSS
Percentile
72.2%
Envoy is vulnerable to access control bypass attacks. This is because it does not normalize HTTP URL paths. A remote attacker could craft a relative path and could interpret the non-normalized path, that provide an attacker to access beyond the scope provided by the access control policy.
| CPE | Name | Operator | Version |
|---|---|---|---|
| servicemesh-proxy | eq | 0.6.0__1.el7 | |
| servicemesh-proxy | eq | 0.7.0__1.el7 |
Related
github
github
EnvoyProxy Envoy Missing HTTP URL path normalization
2022-05-24 16:44:38
prion
prion
Improper access control
2019-04-25 16:29:00
cve
cve
CVE-2019-9901
2019-04-25 16:29:01
redhatcve
redhatcve
CVE-2019-9901
2019-04-09 13:20:08
nvd
nvd
CVE-2019-9901
2019-04-25 16:29:01
cvelist
cvelist
CVE-2019-9901
2019-04-25 15:31:19
osv
osv
CVE-2019-9901
2019-04-25 16:29:01
EnvoyProxy Envoy Missing HTTP URL path normalization
2022-05-24 16:44:38
nessus
nessus
FreeBSD : Istio -- Security vulnerabilities (484d3f5e-653a-11e9-b0e3-1c39475b9f84)
2019-04-23 00:00:00
RHEL 7 : openshift (RHSA-2019:0741)
2019-04-15 00:00:00
Photon OS 1.0: Envoy PHSA-2019-1.0-0241
2019-07-04 00:00:00
photon
photon
redhat
redhat
(RHSA-2019:0741) Important: Istio-Proxy Security Update
2019-04-10 20:25:22
freebsd
freebsd
Istio -- Security vulnerabilities
2019-03-29 00:00:00