CVE-2019-19330

The HTTP/2 implementation in HAProxy before 2.0.10 mishandles headers, as demonstrated by carriage return (CR, ASCII 0xd), line feed (LF, ASCII 0xa), and the zero character (NUL, ASCII 0x0), aka Intermediary Encapsulation Attacks.

CVSS v3.0 9.8 CRITICAL
CVSS v2.0 7.5 HIGH

9.8^/10

CVSS v3.0 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://git.haproxy.org/?p=haproxy-2.0.git;a=commit;h=ac198b92d461515551b95daae20954b3053ce87e	Patch
https://git.haproxy.org/?p=haproxy.git;a=commit;h=146f53ae7e97dbfe496d0445c2802dd0a30b0878	Patch
https://git.haproxy.org/?p=haproxy.git;a=commit;h=54f53ef7ce4102be596130b44c768d1818570344	Patch
https://tools.ietf.org/html/rfc7540#section-10.3	Third Party Advisory
https://www.debian.org/security/2019/dsa-4577	Third Party Advisory
https://seclists.org/bugtraq/2019/Nov/45	Mailing List Third Party Advisory
https://usn.ubuntu.com/4212-1/	Third Party Advisory
https://security.gentoo.org/glsa/202004-01

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:19.04:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:19.10:::::::*

Configuration 3 (hide)

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Information

Published : 2019-11-27 08:15

Updated : 2020-08-18 08:05

NVD link : CVE-2019-19330

Mitre link : CVE-2019-19330

JSON object : View

CWE

CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Advertisement

Products Affected

debian

debian_linux

canonical

ubuntu_linux

haproxy

haproxy

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://git.haproxy.org/?p=haproxy-2.0.git;a=commit;h=ac198b92d461515551b95daae20954b3053ce87e", "name": "https://git.haproxy.org/?p=haproxy-2.0.git;a=commit;h=ac198b92d461515551b95daae20954b3053ce87e", "tags": ["Patch"], "refsource": "MISC"}, {"url": "https://git.haproxy.org/?p=haproxy.git;a=commit;h=146f53ae7e97dbfe496d0445c2802dd0a30b0878", "name": "https://git.haproxy.org/?p=haproxy.git;a=commit;h=146f53ae7e97dbfe496d0445c2802dd0a30b0878", "tags": ["Patch"], "refsource": "MISC"}, {"url": "https://git.haproxy.org/?p=haproxy.git;a=commit;h=54f53ef7ce4102be596130b44c768d1818570344", "name": "https://git.haproxy.org/?p=haproxy.git;a=commit;h=54f53ef7ce4102be596130b44c768d1818570344", "tags": ["Patch"], "refsource": "MISC"}, {"url": "https://tools.ietf.org/html/rfc7540#section-10.3", "name": "https://tools.ietf.org/html/rfc7540#section-10.3", "tags": ["Third Party Advisory"], "refsource": "MISC"}, {"url": "https://www.debian.org/security/2019/dsa-4577", "name": "DSA-4577", "tags": ["Third Party Advisory"], "refsource": "DEBIAN"}, {"url": "https://seclists.org/bugtraq/2019/Nov/45", "name": "20191128 [SECURITY] [DSA 4577-1] haproxy security update", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "BUGTRAQ"}, {"url": "https://usn.ubuntu.com/4212-1/", "name": "USN-4212-1", "tags": ["Third Party Advisory"], "refsource": "UBUNTU"}, {"url": "https://security.gentoo.org/glsa/202004-01", "name": "GLSA-202004-01", "tags": [], "refsource": "GENTOO"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The HTTP/2 implementation in HAProxy before 2.0.10 mishandles headers, as demonstrated by carriage return (CR, ASCII 0xd), line feed (LF, ASCII 0xa), and the zero character (NUL, ASCII 0x0), aka Intermediary Encapsulation Attacks."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-74"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2019-19330", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "acInsufInfo": false, "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}}, "publishedDate": "2019-11-27T16:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "2.0.10"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2020-08-18T15:05Z"}