The HTTP/2 implementation in HAProxy before 2.0.10 mishandles headers, as demonstrated by carriage return (CR, ASCII 0xd), line feed (LF, ASCII 0xa), and the zero character (NUL, ASCII 0x0), aka Intermediary Encapsulation Attacks.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2019-11-27T15:53:26
Updated: 2024-08-05T02:16:46.867Z
Reserved: 2019-11-27T00:00:00
Link: CVE-2019-19330
Vulnrichment
No data.
NVD
Status : Modified
Published: 2019-11-27T16:15:11.720
Modified: 2024-11-21T04:34:35.250
Link: CVE-2019-19330
Redhat