10 matches found

CVE
added 2026/06/26 6:2 p.m. | 25 views

CVE-2026-47220

The CVE describes a crash in Envoy when using %REQUESTED_SERVER_NAME(X:Y)% in log format with host-related options (e.g., HOST_FIRST, SNI_FIRST) and the specified host header is missing in the request headers. Affected versions are 1.37.0 through 1.37.5 and 1.38.3. The vulnerability arises from t...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00665
Exploits: 1 | References: 4 | Affected Software: 1

Cvelist
added 2026/06/26 6:2 p.m. | 32 views

CVE-2026-47220 Envoy: Segmentation fault when using %REQUESTED_SERVER_NAME% in log format

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.37.0 until 1.37.5 and 1.38.3, when the %REQUESTED_SERVER_NAME(X:Y)% is used in log format and host-related options are specified, like HOST_FIRST, SNI_FIRST, it's possible to crash Envoy when the specified host...

CVSS: 7.5 | EPSS: 0.00665
Exploits: 1 | References: 1

Vulnrichment
added 2026/06/26 6:2 p.m. | 3 views

CVE-2026-47220 Envoy: Segmentation fault when using %REQUESTED_SERVER_NAME% in log format

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.37.0 until 1.37.5 and 1.38.3, when the %REQUESTED_SERVER_NAME(X:Y)% is used in log format and host-related options are specified, like HOST_FIRST, SNI_FIRST, it's possible to crash Envoy when the specified host...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00665
Exploits: 1 | References: 1

ATTACKERKB
added 2026/06/26 6:2 p.m. | 8 views

CVE-2026-47220

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.37.0 until 1.37.5 and 1.38.3, when the %REQUESTED_SERVER_NAME(X:Y)% is used in log format and host-related options are specified, like HOST_FIRST, SNI_FIRST, it's possible to crash Envoy when the specified host...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00665
Exploits: 1 | References: 2 | Affected Software: 1

Positive Technologies
added 2026/06/26 12:0 a.m. | 6 views

PT-2026-52894

Name of the Vulnerable Software and Affected Versions: Envoy versions 1.37.0 through 1.37.4; Envoy versions 1.38.0 through 1.38.2. Description: Envoy can crash when the %REQUESTED_SERVER_NAME(X:Y)% variable is used in the log format and host-related options such as HOST_FIRST or SNI_FIRST are specified...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00665
Exploits: 1 | References: 22

OSV
added 2025/08/27 7:52 p.m. | 7 views

CLSA-2025-1756324356 Fix CVE(s): CVE-2025-49630

SECURITY UPDATE: denial of service attack caused by untrusted clients triggering assertion in mod_proxy_http2 - debian/patches/CVE-2025-49630.patch: tolerate missing host header in h2 proxy to fix issue with HTTP/0.9 request without Host header - CVE-2025-49630...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.01149
Exploits: 0 | References: 1

RedHat Linux
added 2017/12/13 6:26 p.m. | 5 views

EAP7: Internal IP address disclosed on redirect when request header Host field is not set

It was found that when issuing a GET request which results in a 302 redirect, and when the request header 'Host' field was not set, the response header field 'Location' contains the internal IP address of the server. An attacker could use this to disclose information which they are not authorized to...

CVSS: 5.3 | AI score: 7.3 | EPSS: 0.02264
Exploits: 0 | References: 4

RedHat Linux
added 2017/12/13 5:57 p.m. | 5 views

EAP7: Internal IP address disclosed on redirect when request header Host field is not set

It was found that when issuing a GET request which results in a 302 redirect, and when the request header 'Host' field was not set, the response header field 'Location' contains the internal IP address of the server. An attacker could use this to disclose information which they are not authorized to...

CVSS: 5.3 | AI score: 7.3 | EPSS: 0.02264
Exploits: 0 | References: 4

RedHat Linux
added 2017/12/13 5:48 p.m. | 4 views

EAP7: Internal IP address disclosed on redirect when request header Host field is not set

It was found that when issuing a GET request which results in a 302 redirect, and when the request header 'Host' field was not set, the response header field 'Location' contains the internal IP address of the server. An attacker could use this to disclose information which they are not authorized to...

CVSS: 5.3 | AI score: 7.3 | EPSS: 0.02264
Exploits: 0 | References: 4

RedHat Linux
added 2017/12/13 5:31 p.m. | 4 views

EAP7: Internal IP address disclosed on redirect when request header Host field is not set

It was found that when issuing a GET request which results in a 302 redirect, and when the request header 'Host' field was not set, the response header field 'Location' contains the internal IP address of the server. An attacker could use this to disclose information which they are not authorized to...

CVSS: 5.3 | AI score: 7.3 | EPSS: 0.02264
Exploits: 0 | References: 4