CVE-2019-19330

CVE-2019-19330

Name

CVE-2019-19330

Description

The HTTP/2 implementation in HAProxy before 2.0.10 mishandles headers, as demonstrated by carriage return (CR, ASCII 0xd), line feed (LF, ASCII 0xa), and the zero character (NUL, ASCII 0x0), aka Intermediary Encapsulation Attacks.

NVD Severity

high

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Patch	https://git.haproxy.org/?p=haproxy-2.0.git;a=commit;h=ac198b92d461515551b95daae20954b3053ce87e
Patch	https://git.haproxy.org/?p=haproxy.git;a=commit;h=146f53ae7e97dbfe496d0445c2802dd0a30b0878
Patch	https://git.haproxy.org/?p=haproxy.git;a=commit;h=54f53ef7ce4102be596130b44c768d1818570344
Third Party Advisory	https://tools.ietf.org/html/rfc7540#section-10.3
Third Party Advisory	https://www.debian.org/security/2019/dsa-4577
Mailing List	https://seclists.org/bugtraq/2019/Nov/45
Third Party Advisory	https://usn.ubuntu.com/4212-1/
GENTOO	https://security.gentoo.org/glsa/202004-01

Type

URI

Patch

https://git.haproxy.org/?p=haproxy-2.0.git;a=commit;h=ac198b92d461515551b95daae20954b3053ce87e

Patch

https://git.haproxy.org/?p=haproxy.git;a=commit;h=146f53ae7e97dbfe496d0445c2802dd0a30b0878

Patch

https://git.haproxy.org/?p=haproxy.git;a=commit;h=54f53ef7ce4102be596130b44c768d1818570344

Third Party Advisory

https://tools.ietf.org/html/rfc7540#section-10.3

Third Party Advisory

https://www.debian.org/security/2019/dsa-4577