83 matches found
CVE-2019-11289: Gorouter header denial of service vulnerability | Cloud Foundry
Severity High Vendor Cloud Foundry Foundation Description Cloud Foundry Routing, all versions before 0.193.0, does not properly validate nonce input. A remote unauthenticated malicious user could forge an HTTP route service request using an invalid nonce that will cause the Gorouter to crash...
GSA Bounty: Cache poisoning DoS to various TTS assets
I have recently come across a technique to force a Cloudfoundry app to return a HTTP 404 error when requesting any resource, which contains cache friendly headers. What this means is, if the Cloudfoundry app in question is behind a web cache like Cloudfront or Cloudflare etc, it will possibly sto...
CVE-2019-3789
Cloud Foundry Routing Release, all versions prior to 0.188.0, contains a vulnerability that can hijack the traffic to route services hosted outside the platform. A user with space developer permissions can create a private domain that shadows the external domain of the route service, and map that...
CVE-2019-3789
Cloud Foundry Routing Release, all versions prior to 0.188.0, contains a vulnerability that can hijack the traffic to route services hosted outside the platform. A user with space developer permissions can create a private domain that shadows the external domain of the route service, and map that...
Design/Logic Flaw
Cloud Foundry Routing Release, all versions prior to 0.188.0, contains a vulnerability that can hijack the traffic to route services hosted outside the platform. A user with space developer permissions can create a private domain that shadows the external domain of the route service, and map that...
CVE-2019-3789 Gorouter allows space developer to hijack route services hosted outside the platform
Cloud Foundry Routing Release, all versions prior to 0.188.0, contains a vulnerability that can hijack the traffic to route services hosted outside the platform. A user with space developer permissions can create a private domain that shadows the external domain of the route service, and map that...
Man-in-the-Middle (MitM)
github.com/cloudfoundry/gorouter is vulnerable to man-in-the-middle MitM attacks. The vulnerability exists due to the lack of validation on the value of the X-Forwarded-Proto header, allowing the client to use a http connection and be prone to MitM attacks...
CVE-2018-1193: gorouter accepts user-provided X-Forwarded-Proto headers | Cloud Foundry
Severity Low Vendor Cloud Foundry Foundation Affected Cloud Foundry Products and Versions You are using routing-release versions prior to 0.175.0 You are using cf-deployment versions prior to v1.27.0 Description Cloud Foundry routing-release, versions prior to 0.175.0, lacks sanitization for...
Pivotal Cloud Foundry cf-deployment and routing-release denial of service vulnerabilities
Pivotal Cloud Foundry CF is a suite of open source Platform-as-a-Service PaaS cloud computing platforms from Pivotal Software in the United States, which provides container scheduling, continuous delivery, and automated service deployment, among other things. cf-deployment is its development...
CVE-2018-1221
In cf-deployment before 1.14.0 and routing-release before 0.172.0, the Cloud Foundry Gorouter mishandles WebSocket requests for AWS Application Load Balancers ALBs and some other HTTP-aware Load Balancers. A user with developer privileges could use this vulnerability to steal data or cause denial...
CVE-2018-1221
In cf-deployment before 1.14.0 and routing-release before 0.172.0, the Cloud Foundry Gorouter mishandles WebSocket requests for AWS Application Load Balancers ALBs and some other HTTP-aware Load Balancers. A user with developer privileges could use this vulnerability to steal data or cause denial...
Design/Logic Flaw
In cf-deployment before 1.14.0 and routing-release before 0.172.0, the Cloud Foundry Gorouter mishandles WebSocket requests for AWS Application Load Balancers ALBs and some other HTTP-aware Load Balancers. A user with developer privileges could use this vulnerability to steal data or cause denial...
CVE-2018-1221
In CVE-2018-1221, the Cloud Foundry Gorouter mishandles WebSocket requests for AWS Application Load Balancers (ALBs) and other HTTP-aware Load Balancers. Affected products are cf-deployment (all versions before 1.14.0) and routing-release (all versions before 0.172.0). The underlying root cause i...
CVE-2018-1221
In cf-deployment before 1.14.0 and routing-release before 0.172.0, the Cloud Foundry Gorouter mishandles WebSocket requests for AWS Application Load Balancers ALBs and some other HTTP-aware Load Balancers. A user with developer privileges could use this vulnerability to steal data or cause denial...
CVE-2018-1221: Gorouter websocket handling vulnerability | Cloud Foundry
Severity Critical Vendor Cloud Foundry Foundation Affected Cloud Foundry Products and Versions cf-deployment All versions prior to 1.14.0 routing-release All versions prior to 0.172.0 Description The Cloud Foundry Gorouter mishandles WebSocket requests for AWS Application Load Balancers ALBs and...
Pivotal Software Cloud Foundry cf-release Gorouter Cross-Site Scripting Vulnerability
Pivotal Software Cloud Foundry cf-release is an open source Platform-as-a-Service PaaS cloud computing platform from Pivotal Software, USA, that provides container scheduling, continuous delivery, and automated service deployment.Gorouter is one of the packages used to maintain real-time routing...
Cross site scripting
Gorouter in Cloud Foundry cf-release v141 through v228 allows man-in-the-middle attackers to conduct cross-site scripting XSS attacks via vectors related to modified requests...
CVE-2016-0713
Gorouter in Cloud Foundry cf-release v141 through v228 allows man-in-the-middle attackers to conduct cross-site scripting XSS attacks via vectors related to modified requests...
CVE-2016-0713
Gorouter in Cloud Foundry cf-release v141 through v228 allows man-in-the-middle attackers to conduct cross-site scripting XSS attacks via vectors related to modified requests...
CVE-2016-0713
The CVE-2016-0713 entry applies to Cloud Foundry Gorouter in cf-release versions 141–228, where a cross-site scripting (XSS) vulnerability can be exploited when an attacker modifies requests, enabling potential MITM-like behavior and unauthorized operations. Publicly documented impact is XSS via ...