Envoy 1.9.0 and before does not normalize HTTP URL paths. A remote attacker may craft a relative path, e.g., something/../admin, to bypass access control, e.g., a block on /admin. A backend server could then interpret the non-normalized path and provide an attacker access beyond the scope provided for by the access control policy.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2019-04-25T15:31:19
Updated: 2024-08-04T22:01:55.179Z
Reserved: 2019-03-21T00:00:00
Link: CVE-2019-9901
Vulnrichment
No data.
NVD
Status : Modified
Published: 2019-04-25T16:29:01.200
Modified: 2024-11-21T04:52:32.450
Link: CVE-2019-9901
Redhat