FKIE_CVE-2019-19330

Vulnerability from fkie_nvd - Published: 2019-11-27 16:15 - Updated: 2024-11-21 04:34
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
The HTTP/2 implementation in HAProxy before 2.0.10 mishandles headers, as demonstrated by carriage return (CR, ASCII 0xd), line feed (LF, ASCII 0xa), and the zero character (NUL, ASCII 0x0), aka Intermediary Encapsulation Attacks.
References
cve@mitre.orghttps://git.haproxy.org/?p=haproxy-2.0.git%3Ba=commit%3Bh=ac198b92d461515551b95daae20954b3053ce87e
cve@mitre.orghttps://git.haproxy.org/?p=haproxy.git%3Ba=commit%3Bh=146f53ae7e97dbfe496d0445c2802dd0a30b0878
cve@mitre.orghttps://git.haproxy.org/?p=haproxy.git%3Ba=commit%3Bh=54f53ef7ce4102be596130b44c768d1818570344
cve@mitre.orghttps://seclists.org/bugtraq/2019/Nov/45Mailing List, Third Party Advisory
cve@mitre.orghttps://security.gentoo.org/glsa/202004-01
cve@mitre.orghttps://tools.ietf.org/html/rfc7540#section-10.3Third Party Advisory
cve@mitre.orghttps://usn.ubuntu.com/4212-1/Third Party Advisory
cve@mitre.orghttps://www.debian.org/security/2019/dsa-4577Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://git.haproxy.org/?p=haproxy-2.0.git%3Ba=commit%3Bh=ac198b92d461515551b95daae20954b3053ce87e
af854a3a-2127-422b-91ae-364da2661108https://git.haproxy.org/?p=haproxy.git%3Ba=commit%3Bh=146f53ae7e97dbfe496d0445c2802dd0a30b0878
af854a3a-2127-422b-91ae-364da2661108https://git.haproxy.org/?p=haproxy.git%3Ba=commit%3Bh=54f53ef7ce4102be596130b44c768d1818570344
af854a3a-2127-422b-91ae-364da2661108https://seclists.org/bugtraq/2019/Nov/45Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/202004-01
af854a3a-2127-422b-91ae-364da2661108https://tools.ietf.org/html/rfc7540#section-10.3Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/4212-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2019/dsa-4577Third Party Advisory
Impacted products
Vendor Product Version
haproxy haproxy *
canonical ubuntu_linux 18.04
canonical ubuntu_linux 19.04
canonical ubuntu_linux 19.10
debian debian_linux 10.0
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FB4A64D-7A83-4A92-9F0B-0450A822029F",
              "versionEndExcluding": "2.0.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The HTTP/2 implementation in HAProxy before 2.0.10 mishandles headers, as demonstrated by carriage return (CR, ASCII 0xd), line feed (LF, ASCII 0xa), and the zero character (NUL, ASCII 0x0), aka Intermediary Encapsulation Attacks."
    },
    {
      "lang": "es",
      "value": "La implementaci\u00f3n de HTTP/2 en HAProxy versiones anteriores a  la versi\u00f3n 2.0.10, maneja inapropiadamente los encabezados, como es demostrado por el retorno de carro (CR, ASCII 0xd), salto de l\u00ednea (LF, ASCII 0xa) y el car\u00e1cter cero (NUL, ASCII 0x0), tambi\u00e9n se conoce como Ataques de Encapsulaci\u00f3n Intermedia ."
    }
  ],
  "id": "CVE-2019-19330",
  "lastModified": "2024-11-21T04:34:35.250",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-11-27T16:15:11.720",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "https://git.haproxy.org/?p=haproxy-2.0.git%3Ba=commit%3Bh=ac198b92d461515551b95daae20954b3053ce87e"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://git.haproxy.org/?p=haproxy.git%3Ba=commit%3Bh=146f53ae7e97dbfe496d0445c2802dd0a30b0878"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://git.haproxy.org/?p=haproxy.git%3Ba=commit%3Bh=54f53ef7ce4102be596130b44c768d1818570344"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2019/Nov/45"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://security.gentoo.org/glsa/202004-01"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://tools.ietf.org/html/rfc7540#section-10.3"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4212-1/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2019/dsa-4577"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://git.haproxy.org/?p=haproxy-2.0.git%3Ba=commit%3Bh=ac198b92d461515551b95daae20954b3053ce87e"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://git.haproxy.org/?p=haproxy.git%3Ba=commit%3Bh=146f53ae7e97dbfe496d0445c2802dd0a30b0878"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://git.haproxy.org/?p=haproxy.git%3Ba=commit%3Bh=54f53ef7ce4102be596130b44c768d1818570344"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2019/Nov/45"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/202004-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://tools.ietf.org/html/rfc7540#section-10.3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4212-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2019/dsa-4577"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-74"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.