cloudfoundry routing-release vulnerabilities and exploits
7.8
CVSSv2
CVE-2019-11289
Cloud Foundry Routing, all versions prior to 0.193.0, does not properly validate nonce input. A remote unauthenticated malicious user could forge an HTTP route service request using an invalid nonce that will cause the Gorouter to crash.
Cloudfoundry Cf-deployment
Cloudfoundry Routing-release
7.5
CVSSv2
CVE-2016-8218
An issue exists in Cloud Foundry Foundation routing-release versions before 0.142.0 and cf-release versions 203 to 231. Incomplete validation logic in JSON Web Token (JWT) libraries can allow unprivileged malicious users to impersonate other users to the routing API, aka an "...
Cloudfoundry Cf-release 204
Cloudfoundry Cf-release 206
Cloudfoundry Cf-release 211
Cloudfoundry Cf-release 207
Cloudfoundry Cf-release 208
Cloudfoundry Cf-release 209
Cloudfoundry Cf-release 210
Cloudfoundry Cf-release 225
Cloudfoundry Cf-release 226
Cloudfoundry Cf-release 227
Cloudfoundry Cf-release 228
Cloudfoundry Cf-release 213
Cloudfoundry Cf-release 215
Cloudfoundry Cf-release 221
Cloudfoundry Cf-release 223
Cloudfoundry Cf-release 230
Cloudfoundry Routing-release
Cloudfoundry Cf-release 217
Cloudfoundry Cf-release 218
Cloudfoundry Cf-release 219
Cloudfoundry Cf-release 220
Cloudfoundry Cf-release
6
CVSSv2
CVE-2017-8034
The Cloud Controller and Router in Cloud Foundry (CAPI-release capi versions prior to v1.32.0, Routing-release versions prior to v0.159.0, CF-release versions prior to v267) do not validate the issuer on JSON Web Tokens (JWTs) from UAA. With certain multi-zone UAA configurations,...
Cloudfoundry Capi-release
Cloudfoundry Cf-release
Cloudfoundry Routing-release
5.8
CVSSv2
CVE-2017-8047
In Cloud Foundry router routing-release all versions prior to v0.163.0 and cf-release all versions prior to v274, in some applications, it is possible to append a combination of characters to the URL that will allow for an open redirect. An attacker could exploit this as a phishi...
Cloudfoundry Cf-release
Pivotal Routing-release
5.5
CVSSv2
CVE-2018-1221
In cf-deployment prior to 1.14.0 and routing-release prior to 0.172.0, the Cloud Foundry Gorouter mishandles WebSocket requests for AWS Application Load Balancers (ALBs) and some other HTTP-aware Load Balancers. A user with developer privileges could use this vulnerability to ste...
Cloudfoundry Cf-deployment
Cloudfoundry Routing-release
5
CVSSv2
CVE-2020-5401
Cloud Foundry Routing Release, versions before 0.197.0, contains GoRouter, which allows malicious clients to send invalid headers, causing caching layers to reject subsequent legitimate clients trying to access the app.
Cloudfoundry Routing Release
5
CVSSv2
CVE-2018-1193
Cloud Foundry routing-release, versions before 0.175.0, lacks sanitization for user-provided X-Forwarded-Proto headers. A remote user can set the X-Forwarded-Proto header in a request to potentially bypass an application requirement to only respond over secure connections.
Cloudfoundry Routing-release
Cloudfoundry Cf-deployment
4.3
CVSSv2
CVE-2020-15586
Go prior to 1.13.13 and 1.14.x prior to 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the same time.
Golang Go
Cloudfoundry Cf-deployment
Cloudfoundry Routing-release
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Opensuse Leap 15.1
Opensuse Leap 15.2
Fedoraproject Fedora 31
Fedoraproject Fedora 32
4
CVSSv2
CVE-2020-5416
Cloud Foundry Routing (Gorouter), versions before 0.204.0, when used in a deployment with NGINX reverse proxies in front of the Gorouters, is potentially vulnerable to denial-of-service attacks in which an unauthenticated malicious attacker can send specially-crafted HTTP request...
Cloudfoundry Cf-deployment
Cloudfoundry Routing-release
4
CVSSv2
CVE-2019-3789
Cloud Foundry Routing Release, all versions before 0.188.0, contains a vulnerability that can hijack the traffic to route services hosted outside the platform. A user with space developer permissions can create a private domain that shadows the external domain of the route servic...
Cloudfoundry Routing Release