cloudfoundry routing release vulnerabilities and exploits
NA
CVE-2023-34041
Cloud Foundry routing release versions before 0.278.0 are vulnerable to abuse of HTTP Hop-by-Hop Headers. An unauthenticated attacker can use this vulnerability for headers like B3 or X-B3-SpanID to affect the identification value recorded in the logs in foundations.
Cloudfoundry Routing-release
Cloudfoundry Cf-deployment
NA
CVE-2023-20882
In Cloud Foundry routing release versions from 0.262.0 and before 0.266.0, a bug in the gorouter process can lead to a denial of service of applications hosted on Cloud Foundry. Under the right circumstances, when client connections are closed prematurely, gorouter marks the curre...
Cloudfoundry Routing Release
Cloudfoundry Cf-deployment
4
CVSSv2
CVE-2020-5416
Cloud Foundry Routing (Gorouter), versions before 0.204.0, when used in a deployment with NGINX reverse proxies in front of the Gorouters, is potentially vulnerable to denial-of-service attacks in which an unauthenticated malicious attacker can send specially-crafted HTTP request...
Cloudfoundry Cf-deployment
Cloudfoundry Routing-release
4.3
CVSSv2
CVE-2020-15586
Go prior to 1.13.13 and 1.14.x prior to 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the same time.
Golang Go
Cloudfoundry Cf-deployment
Cloudfoundry Routing-release
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Opensuse Leap 15.1
Opensuse Leap 15.2
Fedoraproject Fedora 31
Fedoraproject Fedora 32
5
CVSSv2
CVE-2020-5401
Cloud Foundry Routing Release, versions before 0.197.0, contains GoRouter, which allows malicious clients to send invalid headers, causing caching layers to reject subsequent legitimate clients trying to access the app.
Cloudfoundry Routing Release
7.8
CVSSv2
CVE-2019-11289
Cloud Foundry Routing, all versions prior to 0.193.0, does not properly validate nonce input. A remote unauthenticated malicious user could forge an HTTP route service request using an invalid nonce that will cause the Gorouter to crash.
Cloudfoundry Cf-deployment
Cloudfoundry Routing-release
4
CVSSv2
CVE-2019-3789
Cloud Foundry Routing Release, all versions before 0.188.0, contains a vulnerability that can hijack the traffic to route services hosted outside the platform. A user with space developer permissions can create a private domain that shadows the external domain of the route servic...
Cloudfoundry Routing Release
5
CVSSv2
CVE-2018-1193
Cloud Foundry routing-release, versions before 0.175.0, lacks sanitization for user-provided X-Forwarded-Proto headers. A remote user can set the X-Forwarded-Proto header in a request to potentially bypass an application requirement to only respond over secure connections.
Cloudfoundry Routing-release
Cloudfoundry Cf-deployment
6.8
CVSSv2
CVE-2018-1267
Cloud Foundry Silk CNI plugin, versions before 0.2.0, contains an improper access control vulnerability. If the platform is configured with an application security group (ASG) that overlaps with the Silk overlay network, any applications can reach any other application on the net...
Cloudfoundry Silk-release
5.5
CVSSv2
CVE-2018-1221
In cf-deployment prior to 1.14.0 and routing-release prior to 0.172.0, the Cloud Foundry Gorouter mishandles WebSocket requests for AWS Application Load Balancers (ALBs) and some other HTTP-aware Load Balancers. A user with developer privileges could use this vulnerability to ste...
Cloudfoundry Cf-deployment
Cloudfoundry Routing-release