7 matches found
Photon OS 1.0: Envoy PHSA-2020-1.0-0290
An update of the envoy package has been released. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2020-1.0-0290. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid136105...
Photon OS 2.0: Envoy PHSA-2020-2.0-0229
An update of the envoy package has been released. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2020-2.0-0229. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid135867...
Security Bulletin: Managed Istio (Beta) on IBM Cloud Kubernetes Service is affected by Envoy security vulnerabilities (CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9515, CVE-2019-9518 and CVE-2019-15225)
Summary Managed Istio Beta on IBM Cloud Kubernetes Service is affected by Envoy security vulnerabilities that can result in a denial-of-service attack CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9515, CVE-2019-9518 and CVE-2019-15225. Vulnerability Details CVE-ID: CVE-2019-9512...
CVE-2019-15225
In Envoy through 1.11.1, users may configure a route to match incoming path headers via the libstdc++ regular expression implementation. A remote attacker may send a request with a very long URI to result in a denial of service memory consumption. This is a related issue to CVE-2019-14993...
CVE-2019-15225
In Envoy through 1.11.1, users may configure a route to match incoming path headers via the libstdc++ regular expression implementation. A remote attacker may send a request with a very long URI to result in a denial of service memory consumption. This is a related issue to CVE-2019-14993...
CVE-2019-15225
CVE-2019-15225 affects Envoy up to 1.11.1 and is linked to a DoS caused by improper input validation when handling long URIs in route matching (via libstdc++ regex). IBM PSIRT notes vulnerable configuration in Managed Istio (Beta) on IBM Cloud Kubernetes Service, with a CVSS base of 5.3 (in IBM b...
CVE-2019-15225
In Envoy through 1.11.1, users may configure a route to match incoming path headers via the libstdc++ regular expression implementation. A remote attacker may send a request with a very long URI to result in a denial of service memory consumption. This is a related issue to CVE-2019-14993...