Lucene search
+L

357 matches found

symantec
symantec
added 2019/11/18 12:0 a.m.29 views

Multiple Cloud Foundry Products CVE-2019-11289 Denial of Service Vulnerability

Description Multiple Cloud Foundry Products are prone to a denial-of-service vulnerability. Attackers can exploit this issue to crash the affected application, denying service to legitimate users. Technologies Affected Cloud Foundry Routing OSS 0.118.0 Cloud Foundry Routing OSS 0.121.0 Cloud...

1.4AI score0.0151EPSS
Exploits0References1Affected Software1
cloudfoundry
cloudfoundry
added 2019/11/18 12:0 a.m.48 views

CVE-2019-11289: Gorouter header denial of service vulnerability | Cloud Foundry

Severity High Vendor Cloud Foundry Foundation Description Cloud Foundry Routing, all versions before 0.193.0, does not properly validate nonce input. A remote unauthenticated malicious user could forge an HTTP route service request using an invalid nonce that will cause the Gorouter to crash...

8.6CVSS8.6AI score0.0151EPSS
Exploits0
veracode
veracode
added 2019/04/26 6:44 a.m.16 views

Man-in-the-Middle (MitM)

github.com/cloudfoundry/cf-deployment is vulnerable to man-in-the-middle attacks. Dependencies are downloaded via an unencrypted HTTP channel, allowing man-in-the-middle attackers to modify contents of the dependencies that are downloaded by the application, potentially causing arbitrary code...

9.8CVSS9.3AI score0.00588EPSS
Exploits0References2Affected Software1
prion
prion
added 2019/04/25 9:29 p.m.24 views

Code injection

Cloud Foundry cf-deployment, versions prior to 7.9.0, contain java components that are using an insecure protocol to fetch dependencies when building. A remote unauthenticated malicious attacker could hijack the DNS entry for the dependency, and inject malicious code into the component...

5CVSS9.4AI score0.00588EPSS
Exploits0References2Affected Software3
nvd
nvd
added 2019/04/25 9:29 p.m.28 views

CVE-2019-3801

Cloud Foundry cf-deployment, versions prior to 7.9.0, contain java components that are using an insecure protocol to fetch dependencies when building. A remote unauthenticated malicious attacker could hijack the DNS entry for the dependency, and inject malicious code into the component...

9.8CVSS9.2AI score0.00588EPSS
Exploits0References2
osv
osv
added 2019/04/25 9:29 p.m.27 views

CVE-2019-3801

Cloud Foundry cf-deployment, versions prior to 7.9.0, contain java components that are using an insecure protocol to fetch dependencies when building. A remote unauthenticated malicious attacker could hijack the DNS entry for the dependency, and inject malicious code into the component...

9.8CVSS7.2AI score0.00588EPSS
Exploits0References2
cve
cve
added 2019/04/25 8:17 p.m.58 views

CVE-2019-3801

CVE-2019-3801 affects Cloud Foundry cf-deployment versions prior to 7.9.0. The Java components fetch dependencies over an insecure HTTP channel, enabling a remote, unauthenticated attacker to hijack the dependency DNS entry and inject malicious code into the component during build. Practical impa...

9.8CVSS9.3AI score0.00588EPSS
Exploits0References2Affected Software3
cvelist
cvelist
added 2019/04/25 8:17 p.m.30 views

CVE-2019-3801 Java Projects using HTTP to fetch dependencies

Cloud Foundry cf-deployment, versions prior to 7.9.0, contain java components that are using an insecure protocol to fetch dependencies when building. A remote unauthenticated malicious attacker could hijack the DNS entry for the dependency, and inject malicious code into the component...

8.7CVSS9.6AI score0.00588EPSS
Exploits0References2
cloudfoundry
cloudfoundry
added 2019/02/25 12:0 a.m.62 views

CVE-2019-3781: CF CLI does not sanitize user's password in verbose/trace/debug | Cloud Foundry

Severity High Vendor Cloud Foundry Foundation Affected Cloud Foundry Products and Versions Severity is high unless otherwise noted. CF CLI All versions prior to v6.43.0 CF CLI Release All versions prior to v1.13.0 CF Networking Release All versions Prior to v2.23.0 CF Routing Release All versions...

8.8CVSS8.4AI score0.01329EPSS
Exploits0
prion
prion
added 2018/03/19 6:29 p.m.26 views

Improper access control

In Cloud Controller versions prior to 1.46.0, cf-deployment versions prior to 1.3.0, and cf-release versions prior to 283, Cloud Controller accepts refresh tokens for authentication where access tokens are expected. This exposes a vulnerability where a refresh token that would otherwise be...

6.5CVSS8.7AI score0.0099EPSS
Exploits0References1Affected Software3
cnvd
cnvd
added 2017/11/30 12:0 a.m.6 views

Multiple Vulnerabilities in Pivotal Cloud Foundry cf-deployment

Pivotal Cloud Foundry CF is a suite of open source Platform-as-a-Service PaaS cloud computing platforms from Pivotal Software in the United States, which provides container scheduling, continuous delivery, and automated service deployment, among other features. cf-release is a release version of...

7.5CVSS6.6AI score0.01426EPSS
Exploits0References1
prion
prion
added 2017/11/28 7:29 a.m.21 views

Code injection

An issue was discovered in Cloud Foundry Foundation capi-release all versions prior to 1.45.0, cf-release all versions prior to v280, and cf-deployment all versions prior to v1.0.0. The Cloud Controller does not prevent space developers from creating subdomains to an already existing route that...

4CVSS6.3AI score0.00945EPSS
Exploits0References1Affected Software3
nvd
nvd
added 2017/11/28 7:29 a.m.32 views

CVE-2017-14389

An issue was discovered in Cloud Foundry Foundation capi-release all versions prior to 1.45.0, cf-release all versions prior to v280, and cf-deployment all versions prior to v1.0.0. The Cloud Controller does not prevent space developers from creating subdomains to an already existing route that...

6.5CVSS6.4AI score0.00945EPSS
Exploits0References1
osv
osv
added 2017/11/28 7:29 a.m.24 views

CVE-2017-14389

An issue was discovered in Cloud Foundry Foundation capi-release all versions prior to 1.45.0, cf-release all versions prior to v280, and cf-deployment all versions prior to v1.0.0. The Cloud Controller does not prevent space developers from creating subdomains to an already existing route that...

6.5CVSS6.7AI score0.00945EPSS
Exploits0References1
cve
cve
added 2017/11/28 7:0 a.m.78 views

CVE-2017-14389

CVE-2017-14389 affects Cloud Foundry Foundation components capi-release (all versions < 1.45.0), cf-release (all versions < v280), and cf-deployment (all versions

6.5CVSS6.3AI score0.00945EPSS
Exploits0References1Affected Software3
cve
cve
added 2017/11/27 10:0 a.m.49 views

CVE-2017-14390

CVE-2017-14390 affects Cloud Foundry cf-deployment v0.35.0, caused by a misconfiguration between Loggregator and syslog-drain that causes logs to be drained to unintended locations. Mitigation is to upgrade to cf-deployment v0.36.0 (and apply the vendor remediation). This vulnerability is documen...

7.5CVSS7.4AI score0.01426EPSS
Exploits0References2Affected Software1
cloudfoundry
cloudfoundry
added 2017/11/14 12:0 a.m.39 views

CVE-2017-14390: CF-deployment 0.35.0 syslog misconfiguration | Cloud Foundry

Severity Medium Vendor Cloud Foundry Foundation Affected Cloud Foundry Products and Versions cf-deployment v0.35.0 Description A misconfiguration with Loggregator and syslog-drain in cf-deployment causes logs to be drained to unintended locations. Mitigation Users of affected versions should appl...

7.5CVSS7.5AI score0.01426EPSS
Exploits0
Rows per page
Query Builder