CVE-2023-27491

Published: 04/04/2023 Updated: 11/04/2023
CVSS v3 Base Score: 9.1 | Impact Score: 5.2 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

Description: A flaw was found in Envoy that may allow malicious users to send specially crafted HTTP/2 or HTTP/3 requests to trigger parsing errors on the HTTP/1 upstream service.

Vulnerable Product

envoyproxy envoy

Vendor Advisories

Synopsis: Important: Red Hat OpenShift Service Mesh 229 security update. Type/Severity: Security Advisory: Important. Topic: Red Hat OpenShift Service Mesh 229. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, ...

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, the client may bypass JSON Web Token (JWT) checks and forge fake original paths. The header `x-envoy-original-path` should be an internal header, but Envoy does not remove this header from the request ...

Description: A flaw was found in Envoy that may allow attackers to send specially crafted HTTP/2 or HTTP/3 requests to trigger parsing errors on the HTTP/1 upstream service ...