Lucene search
+L

247 matches found

Cvelist
Cvelist
added 2021/07/23 9:50 p.m.26 views

CVE-2021-32783 Authorization bypass in Contour

Contour is a Kubernetes ingress controller using Envoy proxy. In Contour before version 1.17.1 a specially crafted ExternalName type Service may be used to access Envoy's admin interface, which Contour normally prevents from access outside the Envoy container. This can be used to shut down Envoy...

8.5CVSS8.6AI score0.01151EPSS
Exploits0References3
NVD
NVD
added 2021/07/17 6:15 p.m.24 views

CVE-2021-32574

HashiCorp Consul and Consul Enterprise 1.3.0 through 1.10.0 Envoy proxy TLS configuration does not validate destination service identity in the encoded subject alternative name. Fixed in 1.8.14, 1.9.8, and 1.10.1...

7.5CVSS0.01457EPSS
Exploits0References4
OSV
OSV
added 2021/07/17 6:15 p.m.17 views

CVE-2021-32574

HashiCorp Consul and Consul Enterprise 1.3.0 through 1.10.0 Envoy proxy TLS configuration does not validate destination service identity in the encoded subject alternative name. Fixed in 1.8.14, 1.9.8, and 1.10.1...

7.5CVSS6.7AI score
Exploits0References4
AlpineLinux
AlpineLinux
added 2021/07/17 6:15 p.m.37 views

CVE-2021-32574

HashiCorp Consul and Consul Enterprise 1.3.0 through 1.10.0 Envoy proxy TLS configuration does not validate destination service identity in the encoded subject alternative name. Fixed in 1.8.14, 1.9.8, and 1.10.1...

7.5CVSS7.4AI score0.01457EPSS
Exploits0
Prion
Prion
added 2021/07/17 6:15 p.m.28 views

Design/Logic Flaw

HashiCorp Consul and Consul Enterprise 1.3.0 through 1.10.0 Envoy proxy TLS configuration does not validate destination service identity in the encoded subject alternative name. Fixed in 1.8.14, 1.9.8, and 1.10.1...

5CVSS7.5AI score0.01457EPSS
Exploits0References4Affected Software1
UbuntuCve
UbuntuCve
added 2021/07/17 6:15 p.m.26 views

CVE-2021-32574

HashiCorp Consul and Consul Enterprise 1.3.0 through 1.10.0 Envoy proxy TLS configuration does not validate destination service identity in the encoded subject alternative name. Fixed in 1.8.14, 1.9.8, and 1.10.1...

7.5CVSS7.1AI score0.01457EPSS
Exploits0References3
OSV
OSV
added 2021/07/17 6:15 p.m.2 views

UBUNTU-CVE-2021-32574

HashiCorp Consul and Consul Enterprise 1.3.0 through 1.10.0 Envoy proxy TLS configuration does not validate destination service identity in the encoded subject alternative name. Fixed in 1.8.14, 1.9.8, and 1.10.1...

7.5CVSS7.1AI score0.01457EPSS
Exploits0References4
CVE
CVE
added 2021/07/17 5:28 p.m.402 views

CVE-2021-32574

CVE-2021-32574 affects HashiCorp Consul and Consul Enterprise versions 1.3.0 through 1.10.0, where the Envoy proxy TLS configuration does not validate the destination service identity in the encoded SAN. This could allow a remote attacker to masquerade as another service. The issue is fixed in ve...

7.5CVSS7.4AI score0.01457EPSS
Exploits0References4Affected Software1
Debian CVE
Debian CVE
added 2021/07/17 5:28 p.m.41 views

CVE-2021-32574

HashiCorp Consul and Consul Enterprise 1.3.0 through 1.10.0 Envoy proxy TLS configuration does not validate destination service identity in the encoded subject alternative name. Fixed in 1.8.14, 1.9.8, and 1.10.1...

7.5CVSS7.4AI score0.01457EPSS
Exploits0
Cvelist
Cvelist
added 2021/07/17 5:28 p.m.39 views

CVE-2021-32574

HashiCorp Consul and Consul Enterprise 1.3.0 through 1.10.0 Envoy proxy TLS configuration does not validate destination service identity in the encoded subject alternative name. Fixed in 1.8.14, 1.9.8, and 1.10.1...

7.8AI score0.01457EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2021/07/15 12:0 a.m.5 views

PT-2021-6606 · Hashicorp +2 · Hashicorp Consul +3

Name of the Vulnerable Software and Affected Versions: HashiCorp Consul and Consul Enterprise versions 1.3.0 through 1.10.0 Description: The issue is related to the absence of validation of the destination service identity in the encoded subject alternative name in the Envoy proxy TLS...

8.8CVSS5.8AI score0.3479EPSS
Exploits3References46
RedHat Linux
RedHat Linux
added 2021/05/11 11:31 p.m.3 views

envoyproxy/envoy: HTTP request with escaped slash characters can bypass Envoy's authorization mechanisms

An authorization bypass vulnerability was found in envoyproxy/envoy. An attacker can potentially craft an HTTP request that defines a certain pattern of escaped characters in the URI path such as %2F, %2f, %5C or %5c, allowing them to bypass the envoy authorization service. The highest threat fro...

8.3CVSS5.8AI score0.68383EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2021/04/22 9:3 a.m.4 views

envoyproxy/envoy: NULL pointer dereference in TLS alert code handling

A NULL pointer dereference vulnerability was found envoyproxy/envoy. This flaw allows an attacker to establish a TLS session that sends an invalid TLS alert code, causing a NULL pointer exception to occur that crashes the application, resulting in a denial of service. The highest threat from this...

7.5CVSS5.7AI score0.01686EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2021/04/22 9:3 a.m.3 views

envoyproxy/envoy: crash with empty HTTP/2 metadata map

A flaw was found in envoyproxy. An attacker, able to craft an HTTP2 request that specifies an empty metadata map, can crash envoy resulting in a denial of service due to the null reference. The highest threat from this vulnerability is to system availability...

7.5CVSS5.7AI score0.01738EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2021/04/22 9:3 a.m.4 views

envoyproxy/envoy: integer overflow handling large grpc-timeouts

A flaw was found in envoyproxy/envoy. An attacker, able to craft a packet which specifies a large grpc-timeout, can potentially cause envoy to incorrectly calculate the timeouts resulting in a denial of service. The highest threat from this vulnerability is to system availability...

7.5CVSS5.7AI score0.0204EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2021/04/22 9:1 a.m.3 views

envoyproxy/envoy: crash with empty HTTP/2 metadata map

A flaw was found in envoyproxy. An attacker, able to craft an HTTP2 request that specifies an empty metadata map, can crash envoy resulting in a denial of service due to the null reference. The highest threat from this vulnerability is to system availability...

7.5CVSS5.7AI score0.01738EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2021/04/22 9:1 a.m.3 views

envoyproxy/envoy: integer overflow handling large grpc-timeouts

A flaw was found in envoyproxy/envoy. An attacker, able to craft a packet which specifies a large grpc-timeout, can potentially cause envoy to incorrectly calculate the timeouts resulting in a denial of service. The highest threat from this vulnerability is to system availability...

7.5CVSS5.7AI score0.0204EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2020/09/30 1:14 p.m.6 views

envoyproxy/envoy: incorrectly handles multiple HTTP headers in requests

An incorrect access control bypass vulnerability was found in envoy proxy/envoy. This flaw allows an attacker to send multiple HTTP headers where only the first one is valid. Envoy then forwards all of the headers as valid to the upstream component. This issue allows an attacker to subvert any...

8.3CVSS5.8AI score0.01317EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2020/09/30 3:56 a.m.28 views

CVE-2020-25017

An incorrect access control bypass vulnerability was found in envoy proxy/envoy. This flaw allows an attacker to send multiple HTTP headers where only the first one is valid. Envoy then forwards all of the headers as valid to the upstream component. This issue allows an attacker to subvert any...

8.3CVSS3.5AI score0.01317EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2020/07/22 8:9 a.m.4 views

envoyproxy/envoy: incorrectly validates TLS certificates when using wildcards for DNS SAN's

An improper certificate validation vulnerability was found in envoyproxy/envoy, when externally created certificates with wildcards in the DNS Subject Alternative Name are used. This flaw allows an attacker to subvert the envoy filter or destination rules to access restricted resources. The highe...

5.5CVSS5.8AI score0.00252EPSS
Exploits0References5
Rows per page
Query Builder