8 matches found
CVE-2020-15586
CVE-2020-15586 affects Go before 1.13.13 and 1.14.x before 1.14.5, via a data race in certain net/http servers demonstrated by the httputil.ReverseProxy handler. The race occurs because a request body is read while a response is being written. Impact in the public documentation includes a potenti...
CVE-2019-11289
CVE-2019-11289 – Impact and fix (Cloud Foundry Routing Gorouter): All Cloud Foundry Routing versions before 0.193.0 are affected due to improper validation of nonce input. A remote unauthenticated attacker could forge a route service request using an invalid nonce, potentially causing the Gorout...
CVE-2020-5416
Cloud Foundry Routing (Gorouter) is affected when deployed behind NGINX proxies. The vulnerability affects Gorouter versions prior to 0.204.0, where unauthenticated attackers can send specially crafted HTTP requests that may cause Gorouters to be dropped from the NGINX backend pool, potentially e...
CVE-2023-34041
CVE-2023-34041 affects Cloud Foundry Router (gorouter) releases before 0.278.0, where HTTP Hop-by-Hop headers (notably B3 and X-B3-SpanID) can be abused to alter the identifiers logged in foundations. Exploitation requires no authentication and can influence log-trace values, per multiple sources...
CVE-2018-1221
In CVE-2018-1221, the Cloud Foundry Gorouter mishandles WebSocket requests for AWS Application Load Balancers (ALBs) and other HTTP-aware Load Balancers. Affected products are cf-deployment (all versions before 1.14.0) and routing-release (all versions before 0.172.0). The underlying root cause i...
CVE-2018-1193
Cloud Foundry routing-release before version 0.175.0 fails to sanitize user-provided X-Forwarded-Proto headers, allowing a remote attacker to bypass application requirements that enforce secure connections. Root cause: lack of filtering on X-Forwarded-Proto in routing-release/gorouter. Impact: po...
CVE-2017-8034
CVE-2017-8034 affects Cloud Foundry components: Cloud Controller and Router in CAPI release capi < v1.32.0, Routing-release < v0.159.0, CF-release
CVE-2016-8218
CVE-2016-8218 affects Cloud Foundry’s routing-release (versions prior to 0.142.0) and cf-release (203–231). The issue is incomplete validation in JSON Web Token (JWT) libraries, enabling unprivileged attackers to impersonate other users to the routing API. Remediation: upgrade routing-release to ...