Harvey Tuch

**Name of the Vulnerable Software and Affected Versions** Apache Traffic Server versions through 9.2.1 **Description** The issue is related to improper input validation in Apache Traffic Server, which can be exploited by a remote attacker to cause a denial of service. **Recommendations** For versions through 9.2.1, update to a version later than 9.2.1 to resolve the issue. As a temporary workaround, consider restricting input validation to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Envoy versions prior to 1.15.0 **Description** The issue arises because Envoy only considers the first value when multiple header values are present for some HTTP headers. Additionally, Envoy's setCopy() header map API does not replace all existing occurrences of a non-inline header. **Recommendations** For versions prior to 1.15.0, update to version 1.15.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of the setCopy() header map API to minimize the risk of exploitation. Avoid using non-inline headers in the affected API endpoints until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Envoy version 1.12.0 **Description** An issue allows an untrusted remote client to send HTTP/2 requests that can write to the heap outside of the request buffers when the upstream is HTTP/1. This can lead to corruption of nearby heap contents or bypass Envoy's access control mechanisms, such as path-based routing. An attacker may also modify requests from other users that are proximal in time and space. **Recommendations** For Envoy version 1.12.0, consider disabling HTTP/2 support until a patch is available to prevent exploitation. Restrict access to sensitive paths and resources to minimize the risk of access control bypass. As a temporary workaround, monitor and limit proximal requests to reduce the risk of request modification. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Envoy versions 1.9.0 and earlier **Description** The issue is related to errors in parsing HTTP headers and URL paths. This can allow a remote attacker to bypass header matching rules and access control, potentially gaining access to unauthorized resources. The vulnerability can be exploited by crafting header values containing embedded NUL characters or by using relative paths to bypass access control. **Recommendations** For Envoy versions 1.9.0 and earlier, consider disabling the HTTP/1.x parsing functionality until a patch is available. Restrict access to sensitive resources by implementing additional access control mechanisms. Avoid using relative paths in HTTP URL requests to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.