Critical
Cloud Foundry Foundation
The Cloud Foundry Gorouter mishandles WebSocket requests for AWS Application Load Balancers (ALBs) and some other HTTP-aware Load Balancers. A user with developer privileges could use this vulnerability to steal data or cause denial of service.
Users of affected versions should apply the following mitigations or upgrades:
This issue was responsibly reported by the Volkswagen Digital:Lab Platform Team.
2018-02-13: Initial vulnerability report published, versions clarified, credit added.
2018-02-14: Versions clarified.