Lucene search
CloudfoundryRouting-release

8 matches found

CVE
added 2020/07/17 3:38 p.m. | 428 views

CVE-2020-15586

CVE-2020-15586 affects Go before 1.13.13 and 1.14.x before 1.14.5, via a data race in certain net/http servers demonstrated by the httputil.ReverseProxy handler. The race occurs because a request body is read while a response is being written. Impact in the public documentation includes a potenti...

CVSS 5.9 | AI score 6.6 | EPSS 0.02893

CVE
added 2019/11/19 6:41 p.m. | 92 views

CVE-2019-11289

CVE-2019-11289 – Impact and fix (Cloud Foundry Routing Gorouter): All Cloud Foundry Routing versions before 0.193.0 are affected due to improper validation of nonce input. A remote unauthenticated attacker could forge a route service request using an invalid nonce, potentially causing the Gorout...

CVSS 8.6 | AI score 8.5 | EPSS 0.0151

CVE
added 2020/08/21 9:50 p.m. | 65 views

CVE-2020-5416

Cloud Foundry Routing (Gorouter) is affected when deployed behind NGINX proxies. The vulnerability affects Gorouter versions prior to 0.204.0, where unauthenticated attackers can send specially crafted HTTP requests that may cause Gorouters to be dropped from the NGINX backend pool, potentially e...

CVSS 7.7 | AI score 6.6 | EPSS 0.01245

CVE
added 2023/09/08 7:22 a.m. | 59 views

CVE-2023-34041

CVE-2023-34041 affects Cloud Foundry Router (gorouter) releases before 0.278.0, where HTTP Hop-by-Hop headers (notably B3 and X-B3-SpanID) can be abused to alter the identifiers logged in foundations. Exploitation requires no authentication and can influence log-trace values, per multiple sources...

CVSS 5.3 | AI score 5.3 | EPSS 0.0037

CVE
added 2018/03/19 6:0 p.m. | 52 views

CVE-2018-1221

In CVE-2018-1221, the Cloud Foundry Gorouter mishandles WebSocket requests for AWS Application Load Balancers (ALBs) and other HTTP-aware Load Balancers. Affected products are cf-deployment (all versions before 1.14.0) and routing-release (all versions before 0.172.0). The underlying root cause i...

CVSS 8.1 | AI score 7.9 | EPSS 0.01235

CVE
added 2018/05/23 3:0 p.m. | 51 views

CVE-2018-1193

Cloud Foundry routing-release before version 0.175.0 fails to sanitize user-provided X-Forwarded-Proto headers, allowing a remote attacker to bypass application requirements that enforce secure connections. Root cause: lack of filtering on X-Forwarded-Proto in routing-release/gorouter. Impact: po...

CVSS 5.3 | AI score 5.2 | EPSS 0.01112

CVE
added 2017/07/17 2:0 p.m. | 49 views

CVE-2017-8034

CVE-2017-8034 affects Cloud Foundry components: Cloud Controller and Router in CAPI release capi < v1.32.0, Routing-release < v0.159.0, CF-release

CVSS 6.6 | AI score 6.5 | EPSS 0.00751

CVE
added 2017/06/13 6:0 a.m. | 43 views

CVE-2016-8218

CVE-2016-8218 affects Cloud Foundry’s routing-release (versions prior to 0.142.0) and cf-release (203–231). The issue is incomplete validation in JSON Web Token (JWT) libraries, enabling unprivileged attackers to impersonate other users to the routing API. Remediation: upgrade routing-release to ...

CVSS 9.8 | AI score 9.3 | EPSS 0.01297