CVE-2019-9900 in Envoyproxy and Red Hat Products
Published on April 25, 2019

When parsing HTTP/1.x header values, Envoy 1.9.0 and before does not reject embedded zero characters (NUL, ASCII 0x0). This allows remote attackers crafting header values containing embedded NUL characters to potentially bypass header matching rules, gaining access to unauthorized resources.

Vendor Advisory NVD

Products Associated with CVE-2019-9900

stack.watch emails you whenever new vulnerabilities are published in Envoyproxy Envoy or Red Hat Openshift Service Mesh. Just hit a watch button to start following.

Envoyproxy Envoy

Red Hat Openshift Service Mesh

Exploit Probability

EPSS

0.03%

Percentile

9.95%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2019-9900 in Envoyproxy and Red Hat ProductsPublished on April 25, 2019

Products Associated with CVE-2019-9900

Exploit Probability

CVE-2019-9900 in Envoyproxy and Red Hat Products
Published on April 25, 2019