Lucene search
PivotalCVELIST:CVE-2020-5420HistorySep 03, 2020 - 1:10 a.m.
CVE-2020-5420 Gorouter is vulnerable to DoS attack via invalid HTTP responses
2020-09-0301:10:16
CWE-754
pivotal
www.cve.org
1
cve-2020-5420; gorouter; dos attack; http responses; cloud foundry; routing; vulnerable; denial-of-service; cf cluster
CVSS3
7.7
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
AI Score
7.5
Confidence
High
EPSS
0.001
Percentile
44.5%
Cloud Foundry Routing (Gorouter) versions prior to 0.206.0 allow a malicious developer with “cf push” access to cause denial-of-service to the CF cluster by pushing an app that returns specially crafted HTTP responses that crash the Gorouters.
CNA Affected
[
{
"product": "Routing",
"vendor": "Cloud Foundry",
"versions": [
{
"lessThan": "0.206.0",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
},
{
"product": "CF Deployment",
"vendor": "Cloud Foundry",
"versions": [
{
"lessThan": "13.15.0",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
}
]References
Related
cve
cve
CVE-2020-5420
2020-09-03 01:15:10
veracode
veracode
Denial Of Service (DoS)
2020-09-04 04:05:05
cloudfoundry
cloudfoundry
nvd
nvd
CVE-2020-5420
2020-09-03 01:15:10
osv
osv
CVE-2020-5420
2020-09-03 01:15:10
prion
prion
Design/Logic Flaw
2020-09-03 01:15:00
CVSS3
7.7
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
AI Score
7.5
Confidence
High
EPSS
0.001
Percentile
44.5%
Related for CVELIST:CVE-2020-5420