The HTTP/2 implementation in HAProxy before 2.0.10 mishandles headers, as demonstrated by carriage return (CR, ASCII 0xd), line feed (LF, ASCII 0xa), and the zero character (NUL, ASCII 0x0), aka Intermediary Encapsulation Attacks.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-11-27T15:53:26
Updated: 2020-04-01T20:06:11
Reserved: 2019-11-27T00:00:00
Link: CVE-2019-19330
JSON object: View
NVD Information
Status : Modified
Published: 2019-11-27T16:15:11.720
Modified: 2023-11-07T03:07:37.857
Link: CVE-2019-19330
JSON object: View
Redhat Information
No data.
CWE