Vulnerability Name: CVE-2019-18802 (CCN-172886)

Assigned: 2019-12-10
Published: 2019-12-10
Updated: 2020-08-24
Summary: An issue was discovered in Envoy 1.12.0. An untrusted remote client may send an HTTP header (such as Host) with whitespace after the header content. Envoy will treat "header-value " as a different string from "header-value", so, for example, with the Host header "example.com " one could bypass "example.com" matchers.
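The whitespace-handling defect described in the summary, as an added example that is not Envoy's or Istio's code: a constructed HTTP/1.1 request whose Host value ends in a space is checked against an exact-match policy on `example.com`, once without trimming trailing optional whitespace (the behaviour the advisory describes) and once with RFC 7230 OWS trimming applied before the comparison. The request bytes, the policy and the function names are all assumptions made for this illustration.

```python
"""Added example (not Envoy's or Istio's code): how a header value with
trailing whitespace slips past an exact-match policy, and the normalization
that closes the gap.  The request bytes and the policy are constructed here."""
from typing import Dict

OWS = " \t"  # RFC 7230 optional whitespace around a field-value: SP / HTAB


def parse_headers(raw: bytes, trim_trailing: bool) -> Dict[str, str]:
    """Parse a constructed HTTP/1.1 header block into {lower-name: value}.

    With trim_trailing=False the value keeps whatever whitespace the client
    sent after the content, which is the behaviour the advisory describes.
    With trim_trailing=True both leading and trailing OWS are removed, as the
    RFC 7230 field-value grammar expects before the value is compared."""
    headers: Dict[str, str] = {}
    for line in raw.decode("ascii").split("\r\n")[1:]:  # skip the request line
        if not line:
            break  # empty line ends the header block
        name, _, value = line.partition(":")
        value = value.lstrip(OWS)
        if trim_trailing:
            value = value.rstrip(OWS)
        headers[name.strip().lower()] = value
    return headers


def host_is_protected(headers: Dict[str, str], protected: str) -> bool:
    """Exact-match policy keyed on Host, like a virtual-host or RBAC matcher."""
    return headers.get("host") == protected


def decide(raw: bytes, protected: str = "example.com",
           trim_trailing: bool = True) -> str:
    """Return 'deny' when the request targets the protected host, else 'allow'."""
    headers = parse_headers(raw, trim_trailing)
    return "deny" if host_is_protected(headers, protected) else "allow"


# Constructed request: the Host value carries a trailing space after the content.
REQUEST = (
    b"GET /admin HTTP/1.1\r\n"
    b"Host: example.com \r\n"
    b"User-Agent: demo client\r\n"
    b"\r\n"
)

if __name__ == "__main__":
    print("untrimmed:", decide(REQUEST, trim_trailing=False))  # allow (policy bypassed)
    print("trimmed:  ", decide(REQUEST, trim_trailing=True))   # deny
```

Without trimming, the protected-host rule never fires for `"example.com "`, so the request is handled as if it were for some other host; trimming OWS before every comparison restores the intended match while leaving interior whitespace in values such as User-Agent untouched.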
CVSS v3 Severity: 9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.5 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope (S): Unchanged
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
7.7 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L)
6.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope (S): Unchanged
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): Low
CVSS v2 Severity: 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
7.3 High (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:P)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Partial
Vulnerability Type: CWE-noinfo
Vulnerability Consequences: Gain Privileges
References:
Source: MITRE
Type: CNA
CVE-2019-18802

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2020:0379

Source: MISC
Type: Product
https://blog.envoyproxy.io

Source: CCN
Type: Envoy proxy Blog
The official Envoy Proxy blog

Source: CCN
Type: Ambassador Blog, Dec 10
Untrusted remote client vulnerabilities in Envoy Proxy

Source: XF
Type: UNKNOWN
envoy-cve201918802-priv-esc(172886)

Source: MISC
Type: Patch
https://github.com/envoyproxy/envoy/commits/master

Source: MISC
Type: Exploit, Third Party Advisory
https://github.com/envoyproxy/envoy/security/advisories/GHSA-356m-vhw2-wcm4

Source: MISC
Type: Mailing List, Third Party Advisory
https://groups.google.com/forum/#!forum/envoy-users

Source: CCN
Type: ISTIO-SECURITY-2019-007
Security Bulletin

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:envoyproxy:envoy:*:*:*:*:*:*:*:* (Version <= 1.12.1)

Configuration CCN 1:
  • cpe:/a:istio:istio:1.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:istio:istio:1.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:istio:istio:1.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:istio:istio:1.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:istio:istio:1.2.4:*:*:*:*:*:*:*
  • OR cpe:/a:istio:istio:1.2.5:*:*:*:*:*:*:*
  • OR cpe:/a:envoyproxy:envoy:1.12.0:*:*:*:*:*:*:*
  • OR cpe:/a:istio:istio:1.3.4:*:*:*:*:*:*:*
  • OR cpe:/a:istio:istio:1.2.6:*:*:*:*:*:*:*
  • OR cpe:/a:istio:istio:1.2.7:*:*:*:*:*:*:*
  • OR cpe:/a:istio:istio:1.2.8:*:*:*:*:*:*:*
  • OR cpe:/a:istio:istio:1.2.9:*:*:*:*:*:*:*
  • OR cpe:/a:istio:istio:1.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:istio:istio:1.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:istio:istio:1.3.2:*:*:*:*:*:*:*
  • OR cpe:/a:istio:istio:1.3.3:*:*:*:*:*:*:*
  • OR cpe:/a:istio:istio:1.3.5:*:*:*:*:*:*:*
  • OR cpe:/a:istio:istio:1.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:istio:istio:1.4.1:*:*:*:*:*:*:*

  * Denotes that component is vulnerable
Oval Definitions
Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:201918802 | V | CVE-2019-18802 | 2023-06-22
oval:org.opensuse.security:def:7624 | P | libnghttp2-14-1.40.0-6.1 on GA media (Moderate) | 2023-06-12
oval:org.opensuse.security:def:761 | P | Security update for 389-ds (Moderate) | 2022-09-16
oval:org.opensuse.security:def:3224 | P | libopenvswitch-2_11-0-2.11.1-1.75 on GA media (Moderate) | 2022-06-28
oval:org.opensuse.security:def:3162 | P | libcdio14-0.90-6.3.1 on GA media (Moderate) | 2022-06-28
oval:org.opensuse.security:def:3226 | P | libospf0-1.1.1-17.7.1 on GA media (Moderate) | 2022-06-28
oval:org.opensuse.security:def:3040 | P | crash-7.2.1-6.42 on GA media (Moderate) | 2022-06-28
oval:org.opensuse.security:def:3227 | P | libotr5-4.0.0-9.1 on GA media (Moderate) | 2022-06-28
oval:org.opensuse.security:def:3135 | P | libXdmcp6-1.1.1-12.1 on GA media (Moderate) | 2022-06-28
oval:org.opensuse.security:def:3212 | P | libmspack0-0.4-14.4 on GA media (Moderate) | 2022-06-28
oval:org.opensuse.security:def:3114 | P | java-1_8_0-ibm-1.8.0_sr5.40-30.54.1 on GA media (Moderate) | 2022-06-28
oval:org.opensuse.security:def:3173 | P | libfreetype6-2.6.3-7.15.1 on GA media (Moderate) | 2022-06-28
oval:org.opensuse.security:def:3230 | P | libpcre1-32bit-8.39-8.3.1 on GA media (Moderate) | 2022-06-28
oval:org.opensuse.security:def:3154 | P | libapr1-1.5.1-4.5.1 on GA media (Moderate) | 2022-06-28
oval:org.opensuse.security:def:3121 | P | krb5-appl-clients-1.0.3-1.2 on GA media (Moderate) | 2022-06-28
oval:org.opensuse.security:def:3203 | P | libldb1-1.5.4-1.28 on GA media (Moderate) | 2022-06-28
oval:org.opensuse.security:def:3109 | P | jakarta-commons-fileupload-1.1.1-122.3.1 on GA media (Moderate) | 2022-06-28
oval:org.opensuse.security:def:94670 | P | libnghttp2-14-1.40.0-6.1 on GA media (Moderate) | 2022-06-22
oval:org.opensuse.security:def:166 | P | libnghttp2-14-1.40.0-3.5.1 on GA media (Moderate) | 2022-06-13
oval:org.opensuse.security:def:93817 | P | (Moderate) | 2022-06-02
oval:org.opensuse.security:def:1802 | P | Security update for pidgin (Important) | 2022-05-16
oval:org.opensuse.security:def:1796 | P | Security update for MozillaThunderbird (Important) | 2022-04-13
oval:org.opensuse.security:def:1095 | P | Security update for wavpack (Moderate) | 2022-03-28
oval:org.opensuse.security:def:1818 | P | Security update for libreoffice (Moderate) | 2022-03-17
oval:org.opensuse.security:def:1817 | P | Security update for MozillaThunderbird (Important) | 2022-03-10
oval:org.opensuse.security:def:1814 | P | Security update for MozillaThunderbird (Important) | 2022-02-23
oval:org.opensuse.security:def:1812 | P | Security update for the Linux Kernel (Critical) | 2022-02-11
oval:org.opensuse.security:def:1805 | P | Security update for the Linux Kernel (Important) | 2022-01-26
oval:org.opensuse.security:def:1801 | P | Security update for zxing-cpp (Important) | 2022-01-24
oval:org.opensuse.security:def:65690 | P | Security update for the Linux Kernel (Important) (in QA) | 2022-01-07
oval:org.opensuse.security:def:1793 | P | Security update for gegl (Important) | 2021-12-31
oval:org.opensuse.security:def:1792 | P | Security update for MozillaThunderbird (Important) | 2021-12-22
oval:org.opensuse.security:def:1791 | P | Security update for xorg-x11-server (Important) | 2021-12-21
oval:org.opensuse.security:def:69748 | P | Security update for salt (Moderate) | 2021-10-27
oval:org.opensuse.security:def:64589 | P | Security update for glibc (Moderate) | 2021-10-12
oval:org.opensuse.security:def:68353 | P | Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP3) (Important) | 2021-09-16
oval:org.opensuse.security:def:48308 | P | spice-vdagent-0.16.0-8.5.15 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:48309 | P | squashfs-4.3-6.2 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:48324 | P | tftp-5.2-11.6.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:63480 | P | libOSMesa8-32bit-20.2.4-57.13 on GA media (Moderate) | 2021-08-10
oval:org.opensuse.security:def:62781 | P | libdjvulibre-devel-3.5.27-9.28 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:62774 | P | libXvnc-devel-1.9.0-19.9.1 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:71809 | P | elfutils-0.168-4.5.3 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:100942 | P | libnghttp2-14-1.40.0-3.5.1 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:62184 | P | libnghttp2-14-1.40.0-3.5.1 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:71925 | P | libnghttp2-14-1.40.0-3.5.1 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:62778 | P | libcdio++0-2.1.0-1.27 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:72480 | P | ibus-chewing-1.6.1-1.53 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:62806 | P | libpango-1_0-0-32bit-1.44.7+11-1.25 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:69127 | P | Security update for dovecot23 (Important) | 2021-06-22
oval:org.opensuse.security:def:74643 | P | Security update for go1.15 (Moderate) | 2021-06-18
oval:org.opensuse.security:def:64531 | P | Security update for python-rsa (Important) | 2021-06-17
oval:org.opensuse.security:def:48446 | P | ipsec-tools-0.8.0-15.16 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:2456 | P | libgadu-devel-1.12.2-1.44 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48872 | P | libssh4-0.6.3-11.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48642 | P | vorbis-tools-1.4.0-26.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:2460 | P | libproxy1-config-gnome3-0.4.15-2.42 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48779 | P | imobiledevice-tools-1.2.0-7.31 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:64701 | P | Security update for ceph (Important) | 2021-06-02
oval:org.opensuse.security:def:69853 | P | Security update for nginx (Important) | 2021-06-02
oval:org.opensuse.security:def:111235 | P | Security update for nghttp2 (Moderate) | 2021-02-25
oval:org.opensuse.security:def:49460 | P | Security update for php74 (Important) | 2021-02-19
oval:org.opensuse.security:def:64322 | P | Security update for dnsmasq (Important) | 2021-01-19
oval:org.opensuse.security:def:64321 | P | Security update for the Linux Kernel (Important) | 2021-01-14
oval:org.opensuse.security:def:72364 | P | ibus-1.5.22-2.21 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:100530 | P | libnghttp2-14-1.40.0-1.15 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:62984 | P | subversion-bash-completion-1.10.6-3.6.2 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:61850 | P | libnghttp2-14-1.40.0-1.15 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:3868 | P | coolkey-devel-1.1.0-148.3.1 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:71591 | P | libnghttp2-14-1.40.0-1.15 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:63627 | P | libmwaw-0_3-3-0.3.15-4.6.1 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:116754 | P | libnghttp2-14-1.40.0-1.15 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:63277 | P | libmariadbd-devel-10.4.13-1.1 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:49023 | P | libofx-0.9.9-3.7.1 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:71693 | P | powerpc-utils-1.3.7.1-3.12.1 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:107196 | P | libnghttp2-14-1.40.0-1.15 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:3881 | P | eog-devel-3.20.4-7.7 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:49646 | P | libQt5OpenGLExtensions-devel-static on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:50839 | P | Security update for gnutls (Moderate) | 2020-12-01
oval:org.opensuse.security:def:50391 | P | Security update for systemd (Moderate) | 2020-12-01
oval:org.opensuse.security:def:65109 | P | Security update for nghttp2 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:73027 | P | Add features for Metrics Server, Cert Status Checker, VSphere VCP, and Cilium Envoy (Moderate) | 2020-12-01
oval:org.opensuse.security:def:66405 | P | graphviz on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:49244 | P | libthai-data on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:50975 | P | Security update for bcm43xx-firmware (Moderate) | 2020-12-01
oval:org.opensuse.security:def:50132 | P | nodejs8 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:49202 | P | libnghttp2-14 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:49395 | P | conky on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:74776 | P | Security update for nghttp2 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:52251 | P | Security update for SDL (Moderate) | 2020-12-01
oval:org.opensuse.security:def:64185 | P | Security update for bluez (Important) | 2020-12-01
oval:org.opensuse.security:def:72909 | P | Security update for the Linux Kernel (Important) | 2020-12-01
oval:org.opensuse.security:def:65780 | P | Security update for nghttp2 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:73188 | P | libnghttp2-14 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:49774 | P | bsh2 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:64429 | P | pam_yubico on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:50635 | P | Security update for libgcrypt (Moderate) | 2020-12-01
oval:org.opensuse.security:def:49626 | P | gcab on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:49491 | P | typelib-1_0-JavaScriptCore-4_0 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:50896 | P | Security update for nghttp2 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:50802 | P | Security update for gettext-runtime (Moderate) | 2020-12-01
oval:org.opensuse.security:def:49330 | P | sharutils on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:65019 | P | Security update for postgresql10 (Important) | 2020-12-01
oval:org.opensuse.security:def:49627 | P | gd on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:73070 | P | e2fsprogs on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:50232 | P | imobiledevice-tools on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:66497 | P | libnghttp2-14 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:50869 | P | Security update for libqt5-qtbase (Important) | 2020-12-01
oval:org.opensuse.security:def:69024 | P | Security update for e2fsprogs (Moderate) | 2020-12-01
oval:org.opensuse.security:def:49148 | P | libXp-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:50901 | P | Security update for spamassassin (Important) | 2020-12-01
oval:org.opensuse.security:def:52313 | P | Security update for nghttp2 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:49981 | P | squid on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:50728 | P | Security update for git (Moderate) | 2020-12-01
oval:org.opensuse.security:def:63856 | P | Security update for the Linux Kernel (Important) | 2020-12-01
oval:org.opensuse.security:def:49563 | P | libmpg123-0 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:68456 | P | Security update for nghttp2 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:110438 | P | Security update for nghttp2 (Moderate) | 2020-03-25
oval:org.opensuse.security:def:98135 | P | Security update for nghttp2 (Moderate) | 2020-03-19
oval:org.opensuse.security:def:75531 | P | Security update for nghttp2 (Moderate) | 2020-03-19
oval:org.opensuse.security:def:91170 | P | Security update for nghttp2 (Moderate) | 2020-03-19
oval:org.opensuse.security:def:104105 | P | Security update for nghttp2 (Moderate) | 2020-03-19
oval:org.opensuse.security:def:104825 | P | Security update for nghttp2 (Moderate) | 2020-03-19
oval:org.opensuse.security:def:97415 | P | Security update for nghttp2 (Moderate) | 2020-03-19
oval:org.opensuse.security:def:90450 | P | Security update for nghttp2 (Moderate) | 2020-03-19