4 matches found
Photon OS 1.0: Envoy PHSA-2020-1.0-0290
An update of the envoy package has been released. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2020-1.0-0290. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid136105...
Photon OS 2.0: Envoy PHSA-2020-2.0-0229
An update of the envoy package has been released. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2020-2.0-0229. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid135867...
CVE-2019-15226
Upon receiving each incoming request header data, Envoy will iterate over existing request headers to verify that the total size of the headers stays below a maximum limit. The implementation in versions 1.10.0 through 1.11.1 for HTTP/1.x traffic and all versions of Envoy for HTTP/2 traffic had...
CVE-2019-15226
CVE-2019-15226 affects Envoy: HTTP/1.x traffic (versions 1.10.0–1.11.1) and all HTTP/2 traffic. The header validation loop has O(n^2) complexity, enabling a remote attacker to construct many small headers below the maximum size to exhaust CPU and cause a denial of service. The available sources d...