Audit CVEs of nginx, haproxy, etc.

[htuch]

Nginx already had a CVE for path normalization https://www.rapid7.com/db/vulnerabilities/nginx-cve-2009-3898 similar to CVE-2019-9901. What other CVEs exist for similar classes of proxy to Envoy?

Ideally we should audit existing CVEs and track the release of new ones to verify we don't have similar issues.

Action item for CVE-2019-9901

[htuch]

@yanavlasov as discussed this morning, this would teach us a lot about the topography of this domain.

[stale]

This issue has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed in the next 7 days unless it is tagged "help wanted" or other activity occurs. Thank you for your contributions.

[htuch]

@yanavlasov do you reckon we will be able to externalize your work on this?

[yanavlasov]

Yes, I think so. Let's discuss on Monday.

[stale]

This issue has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed in the next 7 days unless it is tagged "help wanted" or other activity occurs. Thank you for your contributions.

[stale]

This issue has been automatically closed because it has not had activity in the last 37 days. If this issue is still valid, please ping a maintainer and ask them to label it as "help wanted". Thank you for your contributions.

[htuch]

@yanavlasov did you have some further thoughts on how to externalize your audit work?

[stale]

This issue has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed in the next 7 days unless it is tagged "help wanted" or other activity occurs. Thank you for your contributions.

[stale]

This issue has been automatically closed because it has not had activity in the last 37 days. If this issue is still valid, please ping a maintainer and ask them to label it as "help wanted". Thank you for your contributions.