CVE-2019-9901

Published: 25/04/2019 Updated: 29/04/2019
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 10 | Impact Score: 6 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

A vulnerability in Envoy could allow an unauthenticated, remote malicious user to bypass security restrictions and conduct directory traversal attacks. The vulnerability exists because the affected software fails to normalize HTTP URL paths. An attacker could exploit this vulnerability by submitting a crafted URL to the targeted system. A successful exploit could allow the malicious user to bypass access controls and conduct directory traversal attacks on the targeted system. Envoy Proxy has confirmed the vulnerability and released software updates.
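
The effect of skipping path normalization, as an added example (not Envoy's code and not taken from the advisory): a prefix rule is evaluated on the raw path and on the dot-segment-normalized path, and request targets where the two decisions differ are flagged. The /admin rule, the function names and the sample request targets are constructed for illustration, and only literal "." and ".." segments are handled.

```python
# Added illustration; not Envoy code. The policy and sample targets are constructed.
from urllib.parse import urlsplit

DENY_PREFIXES = ("/admin",)  # hypothetical access-control rule


def remove_dot_segments(path: str) -> str:
    """Resolve literal "." and ".." segments of an absolute path (RFC 3986, 5.2.4)."""
    segs = path.split("/")[1:]  # path is assumed to start with "/"
    out = []
    for i, seg in enumerate(segs):
        if seg in (".", ".."):
            if seg == ".." and out:
                out.pop()
            if i == len(segs) - 1:
                out.append("")  # a trailing dot segment leaves a trailing slash
        else:
            out.append(seg)
    return "/" + "/".join(out)


def decide(path: str) -> str:
    """Prefix-based rule, applied to whatever path string it is given."""
    return "deny" if path.startswith(DENY_PREFIXES) else "allow"


def audit(request_targets):
    """Return targets whose decision changes once the path is normalized."""
    flagged = []
    for target in request_targets:
        raw = urlsplit(target).path  # drops the query string, does not normalize
        if decide(raw) != decide(remove_dot_segments(raw)):
            flagged.append(target)
    return flagged


SAMPLE_TARGETS = [  # constructed request targets
    "/public/index.html",
    "/public/./logo.png?v=2",
    "/public/../admin/keys",
    "/admin/keys",
]

if __name__ == "__main__":
    for t in audit(SAMPLE_TARGETS):
        print("decision differs after normalization:", t)
```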

Affected Products

Vendor: Envoyproxy | Product: Envoy | Versions: 1.9.0

Vendor Advisories

Synopsis: Important: Istio-Proxy Security Update
Type/Severity: Security Advisory: Important
Topic: An update for Istio-Proxy is now available for Red Hat OpenShift Service Mesh Tech Preview 090. Red Hat Product Security has rated this update as having a security impact of important. A Common Vulnerability Sco ...

Github Repositories

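Annual data report. Monthly data report, March (201904). Share of information sources and information types. WeChat official accounts. Recommended: nickname_english weixin_no url title 国防科技要闻 CDSTIC mpweixinqqcom/s/LXR853Z4E5peVYq89tXKZA DARPA FY2020 R&D budget: investment in applied artificial intelligence research grows sharply 天融信阿尔法实验室 mpweixinqqcom/s/kwp5uxom7Amrj6S_-g8r4Q 天融信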

How to use this tool?

If envoy is in your path, simply run it!

    $ envoy-cves
    ✔ Success! your envoy was tested and is immune to CVE-2019-9901
    Make sure that the option normalize_path is turned on in your HCM settings
    ✔ Success! your envoy was tested and is immune to CVE-2019-9900

If not, provide the path to envoy in a flag:

    envoy-cves --envoy=/path/to/envoy
    ✘ Fail! your