Intermediary Encapsulation Attacks in HAProxy HTTP/2 Implementation

Intermediary Encapsulation Attacks in HAProxy HTTP/2 Implementation

CVE-2019-19330 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

The HTTP/2 implementation in HAProxy before 2.0.10 mishandles headers, as demonstrated by carriage return (CR, ASCII 0xd), line feed (LF, ASCII 0xa), and the zero character (NUL, ASCII 0x0), aka Intermediary Encapsulation Attacks.

Learn more about our Web Application Penetration Testing UK.