Description

Envoy 1.9.0 and before does not normalize HTTP URL paths. A remote attacker may craft a relative path, e.g., something/../admin, to bypass access control, e.g., a block on /admin. A backend server could then interpret the non-normalized path and provide an attacker access beyond the scope provided for by the access control policy.

Remediation

References

CVE-2019-9901

Related Vulnerabilities

Oracle Application Server CVE-2008-4014 Vulnerability (CVE-2008-4014)

WordPress Plugin Visualizer:Tables and Charts Manager for WordPress Cross-Site Scripting (3.9.4)

WordPress Plugin Backup Migration Remote Code Execution (1.3.7)

WordPress Plugin CheetahO Image Compression and Optimizer Unspecified Vulnerability (1.4.2.1)

WordPress Plugin AdKlick Advertising Management Unspecified Vulnerability (1.1)

Severity

Critical

Classification

CVE-2019-9901 CWE-706 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities