Lucene search
Veracode Vulnerability DatabaseVERACODE:21358HistoryAug 23, 2019 - 1:19 a.m.
Arbitrary Proxy Redirection
2019-08-2301:19:31
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
8
0.001 Low
EPSS
Percentile
51.0%
elastic_apm is vulnerable to arbitrary proxy redirection. A variable name precedence bug due to the way HTTP_PROXY and HTTPS_PROXY are parsed, causes the proxy header to be incorrectly processed. This allows allow a remote attacker to redirect collected APM data to an arbitrary proxy.
| CPE | Name | Operator | Version |
|---|---|---|---|
| elastic-apm | le | 5.0.0 |
References
discuss.elastic.co/t/elastic-apm-agent-for-python-5-1-0-security-update/196145
github.com/elastic/apm-agent-python/commit/47286d746e05897c6b3af8d465aa56ab1ed8d678
github.com/elastic/apm-agent-python/issues/458
github.com/elastic/apm-agent-python/pull/551
www.elastic.co/community/security#ESA-2019-11
www.elastic.co/community/security/
Related
github
github
Elastic APM agent for Python client CGI proxy redirection flaw
2022-05-24 16:54:36
osv
osv
PYSEC-2019-178
2019-08-22 17:15:00
Elastic APM agent for Python client CGI proxy redirection flaw
2022-05-24 16:54:36
CVE-2019-7617
2019-08-22 17:15:10
prion
prion
Design/Logic Flaw
2019-08-22 17:15:00
cve
cve
CVE-2019-7617
2019-08-22 17:15:10
cvelist
cvelist
CVE-2019-7617
2019-08-22 16:12:10
nvd
nvd
CVE-2019-7617
2019-08-22 17:15:10
rosalinux
rosalinux
Advisory ROSA-SA-2021-1957
2021-07-02 18:03:40