| |
Vulnerability CVE-2020-5401
Published: 2020-02-27
| Description: |
Cloud Foundry Routing Release, versions prior to 0.197.0, contains GoRouter, which allows malicious clients to send invalid headers, causing caching layers to reject subsequent legitimate clients trying to access the app. |
Type:
CWE-444 (Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling'))
CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:P)
| CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
5/10 |
2.9/10 |
10/10 |
| Exploit range |
Attack complexity |
Authentication |
Remote |
Low |
No required |
| Confidentiality impact |
Integrity impact |
Availability impact |
None |
None |
Partial |
References: |
https://www.cloudfoundry.org/blog/cve-2020-5401
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
