Showing 1 - 1 of 1

CVE-2024-23326

Status Candidate

Overview

Envoy is a cloud-native, open source edge and service proxy. A theoretical request smuggling vulnerability exists through Envoy if a server can be tricked into adding an upgrade header into a response. Per RFC https://www.rfc-editor.org/rfc/rfc7230#section-6.7 a server sends 101 when switching protocols. Envoy incorrectly accepts a 200 response from a server when requesting a protocol upgrade, but 200 does not indicate protocol switch. This opens up the possibility of request smuggling through Envoy if the server can be tricked into adding the upgrade header to the response.

Related Files

Red Hat Security Advisory 2024-7725-03: Posted Oct 8, 2024; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2024-7725-03 - Red Hat OpenShift Service Mesh Containers for 2.5.5. Issues addressed include code execution and denial of service vulnerabilities.; tags | advisory, denial of service, vulnerability, code execution; systems | linux, redhat; advisories | CVE-2024-23326; SHA-256 | 541d392def9ee3625d6e35cf29404341156c8aa6f82fd7642ed166ec434ab8d9; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 290 files
Ubuntu 63 files
Debian 20 files
Gentoo 8 files
Apple 6 files
LiquidWorm 4 files
Google Security Research 4 files
Alter Prime 3 files
Spencer McIntyre 3 files
Jann Horn 3 files

File Archives

Systems

AIX (430)
Apple (2,132)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,172)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,607)
HPUX (881)
iOS (395)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (52,112)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,459)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (10,018)
UNIX (9,482)
UnixWare (188)
Windows (6,785)
Other

CVE-2024-23326

Overview

Related Files

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems