FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Istio -- Security vulnerabilities

Affected packages
istio < 1.1.2

Details

VuXML ID 484d3f5e-653a-11e9-b0e3-1c39475b9f84
Discovery 2019-03-29
Entry 2019-04-22

Istio reports:

Two security vulnerabilities have recently been identified in the Envoy proxy. The vulnerabilities are centered on the fact that Envoy did not normalize HTTP URI paths and did not fully validate HTTP/1.1 header values. These vulnerabilities impact Istio features that rely on Envoy to enforce any of authorization, routing, or rate limiting.

References

CVE Name CVE-2019-9900
CVE Name CVE-2019-9901
URL https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9900
URL https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9901
URL https://github.com/envoyproxy/envoy/issues/6434
URL https://github.com/envoyproxy/envoy/issues/6435