Description
Envoy 1.9.0 and before does not normalize HTTP URL paths. A remote attacker may craft a relative path, e.g., something/../admin, to bypass access control, e.g., a block on /admin. A backend server could then interpret the non-normalized path and provide an attacker access beyond the scope provided for by the access control policy.
Remediation
References
Related Vulnerabilities
MySQL CVE-2015-0508 Vulnerability (CVE-2015-0508)
Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-5651)
WordPress Plugin Site Reviews CSV Injection (6.2.0)
WordPress Plugin HK Exif Tags Cross-Site Scripting (1.11)
WordPress Plugin Booking calendar, Appointment Booking System Multiple Vulnerabilities (2.1.7)