VDB
CVE-2019-19330
CVE-2019-19330
PUBLISHED
The HTTP/2 implementation in HAProxy before 2.0.10 mishandles headers, as demonstrated by carriage return (CR, ASCII 0xd), line feed (LF, ASCII 0xa), and the zero character (NUL, ASCII 0x0), aka Intermediary Encapsulation Attacks.
EPSS 1.06% · 78.0th percentile
Risk Scores
EPSS Score
1.06%
78.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:18.04:LTS | haproxy | 0, 1.7.9-1ubuntu1, 1.7.9-1ubuntu2 |
Timeline
- Nov 27, 2019 CVE Published
- Apr 14, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Mar 11, 2023 EPSS Score
- Jul 14, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2019-19330 third-party-advisory
- https://git.haproxy.org/?p=haproxy.git;a=commit;h=54f53ef7ce4102be596130b44c768d1818570344 third-party-advisory
- https://git.haproxy.org/?p=haproxy.git;a=commit;h=146f53ae7e97dbfe496d0445c2802dd0a30b0878 third-party-advisory
- https://git.haproxy.org/?p=haproxy-2.0.git;a=commit;h=ac198b92d461515551b95daae20954b3053ce87e third-party-advisory
- https://tools.ietf.org/html/rfc7540#section-10.3 third-party-advisory
- https://ubuntu.com/security/notices/USN-4212-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2019-19330 third-party-advisory