Vulnerabilities for 'Routing release'

2020-02-27
 
CVE-2020-5401

CWE-444
 

 
Cloud Foundry Routing Release, versions prior to 0.197.0, contains GoRouter, which allows malicious clients to send invalid headers, causing caching layers to reject subsequent legitimate clients trying to access the app.

 
2019-04-24
 
CVE-2019-3789

CWE-264
 

 
Cloud Foundry Routing Release, all versions prior to 0.188.0, contains a vulnerability that can hijack the traffic to route services hosted outside the platform. A user with space developer permissions can create a private domain that shadows the external domain of the route service, and map that route to an app. When the gorouter receives traffic destined for the external route service, this traffic will instead be directed to the internal app using the shadow route.

 

Vendor: Cloudfoundry (18 products)
Cf-release
Capi-release
Bosh azure cpi
Cf-mysql-release
Routing-release
Staticfile buildpack
Cf-deployment
Uaa release
Routing release
Garden-runc
User account and authentication
Container runtime
Command line interface
Credhub cli
Stratos
Bosh backup and restore
Cloud controller
Routing


Copyright 2024, cxsecurity.com
