Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Routing-Release Security Vulnerabilities

cve
cve

CVE-2016-8218

An issue was discovered in Cloud Foundry Foundation routing-release versions prior to 0.142.0 and cf-release versions 203 to 231. Incomplete validation logic in JSON Web Token (JWT) libraries can allow unprivileged attackers to impersonate other users to the routing API, aka an "Unauthenticated JWT...

9.8CVSS

9.3AI Score

0.002EPSS

2017-06-13 06:29 AM
16
cve
cve

CVE-2017-8034

The Cloud Controller and Router in Cloud Foundry (CAPI-release capi versions prior to v1.32.0, Routing-release versions prior to v0.159.0, CF-release versions prior to v267) do not validate the issuer on JSON Web Tokens (JWTs) from UAA. With certain multi-zone UAA configurations, zone administrator...

6.6CVSS

6.5AI Score

0.001EPSS

2017-07-17 02:29 PM
19
cve
cve

CVE-2017-8047

In Cloud Foundry router routing-release all versions prior to v0.163.0 and cf-release all versions prior to v274, in some applications, it is possible to append a combination of characters to the URL that will allow for an open redirect. An attacker could exploit this as a phishing attack to gain a...

6.1CVSS

6.2AI Score

0.001EPSS

2017-10-04 01:29 AM
25
cve
cve

CVE-2018-1193

Cloud Foundry routing-release, versions prior to 0.175.0, lacks sanitization for user-provided X-Forwarded-Proto headers. A remote user can set the X-Forwarded-Proto header in a request to potentially bypass an application requirement to only respond over secure connections.

5.3CVSS

5.2AI Score

0.001EPSS

2018-05-23 03:29 PM
19
cve
cve

CVE-2018-1221

In cf-deployment before 1.14.0 and routing-release before 0.172.0, the Cloud Foundry Gorouter mishandles WebSocket requests for AWS Application Load Balancers (ALBs) and some other HTTP-aware Load Balancers. A user with developer privileges could use this vulnerability to steal data or cause denial...

8.1CVSS

7.9AI Score

0.001EPSS

2018-03-19 06:29 PM
27
cve
cve

CVE-2019-11289

Cloud Foundry Routing, all versions before 0.193.0, does not properly validate nonce input. A remote unauthenticated malicious user could forge an HTTP route service request using an invalid nonce that will cause the Gorouter to crash.

8.6CVSS

8.4AI Score

0.001EPSS

2019-11-19 07:15 PM
58
cve
cve

CVE-2020-15586

Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the same time.

5.9CVSS

6.6AI Score

0.011EPSS

2020-07-17 04:15 PM
319
3
cve
cve

CVE-2020-5416

Cloud Foundry Routing (Gorouter), versions prior to 0.204.0, when used in a deployment with NGINX reverse proxies in front of the Gorouters, is potentially vulnerable to denial-of-service attacks in which an unauthenticated malicious attacker can send specially-crafted HTTP requests that may cause ...

6.5CVSS

6.4AI Score

0.001EPSS

2020-08-21 10:15 PM
37
4
cve
cve

CVE-2023-34041

Cloud foundry routing release versions prior to 0.278.0 are vulnerable to abuse of HTTP Hop-by-Hop Headers. An unauthenticated attacker can use this vulnerability for headers like B3 or X-B3-SpanID to affect the identification value recorded in the logs in foundations.

5.3CVSS

5.3AI Score

0.001EPSS

2023-09-08 08:15 AM
25