Количество 4
Количество 4
CVE-2019-9901
Envoy 1.9.0 and before does not normalize HTTP URL paths. A remote attacker may craft a relative path, e.g., something/../admin, to bypass access control, e.g., a block on /admin. A backend server could then interpret the non-normalized path and provide an attacker access beyond the scope provided for by the access control policy.
CVE-2019-9901
Envoy 1.9.0 and before does not normalize HTTP URL paths. A remote attacker may craft a relative path, e.g., something/../admin, to bypass access control, e.g., a block on /admin. A backend server could then interpret the non-normalized path and provide an attacker access beyond the scope provided for by the access control policy.
GHSA-2wmf-p7f8-w42h
EnvoyProxy Envoy Missing HTTP URL path normalization
BDU:2019-02075
Уязвимость сетевого программного средства Envoy, связанная с ошибками при нормализации URI-адресов, позволяющая нарушителю получить несанкционированный доступ к защищаемым данным
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2019-9901 Envoy 1.9.0 and before does not normalize HTTP URL paths. A remote attacker may craft a relative path, e.g., something/../admin, to bypass access control, e.g., a block on /admin. A backend server could then interpret the non-normalized path and provide an attacker access beyond the scope provided for by the access control policy. | CVSS3: 8.3 | 0% Низкий | почти 7 лет назад |
 | CVE-2019-9901 Envoy 1.9.0 and before does not normalize HTTP URL paths. A remote attacker may craft a relative path, e.g., something/../admin, to bypass access control, e.g., a block on /admin. A backend server could then interpret the non-normalized path and provide an attacker access beyond the scope provided for by the access control policy. | CVSS3: 6.5 | 0% Низкий | почти 7 лет назад |
| GHSA-2wmf-p7f8-w42h EnvoyProxy Envoy Missing HTTP URL path normalization | CVSS3: 10 | 0% Низкий | больше 3 лет назад |
 | BDU:2019-02075 Уязвимость сетевого программного средства Envoy, связанная с ошибками при нормализации URI-адресов, позволяющая нарушителю получить несанкционированный доступ к защищаемым данным | CVSS3: 10 | 0% Низкий | почти 7 лет назад |
Уязвимостей на страницу