Lucene search
Cloud FoundryCFOUNDRY:755A1D829D0366BB8208488D4DC312EBHistoryFeb 24, 2020 - 12:00 a.m.
CVE-2020-5401: Cloud Foundry GoRouter is vulnerable to cache poisoning | Cloud Foundry
2020-02-2400:00:00
Cloud Foundry
www.cloudfoundry.org
49
0.001 Low
EPSS
Percentile
39.7%
Severity
Medium
Vendor
Cloud Foundry Foundation
Description
Cloud Foundry Routing Release, versions prior to 0.197.0, contains GoRouter, which allows malicious clients to send invalid headers, causing caching layers to reject subsequent legitimate clients trying to access the app.
Affected Cloud Foundry Products and Versions
Severity is medium unless otherwise noted.
- CF Deployment
- All versions prior to v12.27.0
- Routing Release
- All versions prior to 0.197.0
Mitigation
Users of affected products are strongly encouraged to follow the mitigations below.
The Cloud Foundry project recommends upgrading the following releases:
- CF Deployment
- Upgrade versions to v12.27.0 or greater
- Routing Release
- Upgrade versions to 0.197.0 or greater
Credit
This issue was responsibly reported by Nathan Davison.
History
2020-02-24: Initial vulnerability report published.
| CPE | Name | Operator | Version |
|---|---|---|---|
| routing release | lt | 0.197.0 |
Related
prion
prion
Null pointer dereference
2020-02-27 20:15:00
osv
osv
CVE-2020-5401
2020-02-27 20:15:11
cve
cve
CVE-2020-5401
2020-02-27 20:15:11
cvelist
cvelist
CVE-2020-5401 Cloud Foundry GoRouter is vulnerable to cache poisoning
2020-02-24 00:00:00
nvd
nvd
CVE-2020-5401
2020-02-27 20:15:11
veracode
veracode
Denial Of Service (DoS)
2020-03-02 07:45:14