5 matches found
CVE-2024-37082
When deploying Cloud Foundry together with the haproxy-boshrelease and using a non default configuration, it might be possible to craft HTTP requests that bypass mTLS authentication to Cloud Foundry applications. You are affected if you have route-services enabled in routing-release and have...
CVE-2024-37082
When deploying Cloud Foundry together with the haproxy-boshrelease and using a non default configuration, it might be possible to craft HTTP requests that bypass mTLS authentication to Cloud Foundry applications. You are affected if you have route-services enabled in routing-release and have...
CVE-2024-37082
CVE-2024-37082 affects Cloud Foundry when deployed with the haproxy-boshrelease and non-default configuration, allowing HTTP requests to bypass mTLS against CF applications if route-services are enabled and ha_proxy.forwarded_client_cert is set to forward_only_if_route_service. Affected setup: Ro...
CVE-2024-37082
When deploying Cloud Foundry together with the haproxy-boshrelease and using a non default configuration, it might be possible to craft HTTP requests that bypass mTLS authentication to Cloud Foundry applications. You are affected if you have route-services enabled in routing-release and have...
CVE-2024-37082 - mTLS bypass | Cloud Foundry
Severity CRITICAL Vendor CloudFoundry Foundation Versions Affected Routing Release 10.6.0 Description When deploying Cloud Foundry together with the haproxy-boshrelease and using a non default configuration, it might be possible to craft HTTP requests that bypass mTLS authentication to Cloud...