CVE-2019-9900
HIGH
Envoy < 1.9.0 - HTTP Header Injection via Embedded NUL Characters
Title source: llmDescription
When parsing HTTP/1.x header values, Envoy 1.9.0 and before does not reject embedded zero characters (NUL, ASCII 0x0). A remote attacker who crafts header values containing embedded NUL characters may therefore be able to bypass header matching rules and gain access to unauthorized resources.
References (5)
Core References
Third Party Advisory (vendor-advisory, x_refsource_redhat): https://access.redhat.com/errata/RHSA-2019:0741
Release Notes, Vendor Advisory (x_refsource_confirm): https://www.envoyproxy.io/docs/envoy/v1.9.1/intro/version_history
Exploit, Issue Tracking, Third Party Advisory (x_refsource_confirm): https://github.com/envoyproxy/envoy/issues/6434
Mailing List (x_refsource_confirm): https://groups.google.com/forum/#%21topic/envoy-announce/VoHfnDqZiAM
Exploit, Mitigation, Third Party Advisory (x_refsource_confirm): https://github.com/envoyproxy/envoy/security/advisories/GHSA-x74r-f4mw-c32h
Scores
CVSS v3
8.3
EPSS
0.0003
EPSS Percentile
10.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
Details
CWE
CWE-74
Status
published
Products (2)
envoyproxy/envoy
< 1.9.0
redhat/openshift_service_mesh
Published
Apr 25, 2019
Tracked Since
Feb 18, 2026