routing-release vulnerabilities and exploits
7.5
CVSSv3
CVE-2023-34061
Cloud Foundry routing release versions from v0.163.0 to v0.283.0 are vulnerable to a DOS attack. An unauthenticated attacker can use this vulnerability to force route pruning and therefore degrade the service availability of the Cloud Foundry deployment.
Pivotal Cloud Foundry Deployment
Pivotal Cloud Foundry Routing Release
5.3
CVSSv3
CVE-2023-34041
Cloud Foundry routing release versions before 0.278.0 are vulnerable to abuse of HTTP Hop-by-Hop Headers. An unauthenticated attacker can use this vulnerability for headers like B3 or X-B3-SpanID to affect the identification value recorded in the logs in foundations.
Cloudfoundry Routing-release
Cloudfoundry Cf-deployment
5.9
CVSSv3
CVE-2023-20882
In Cloud Foundry routing release versions from 0.262.0 and before 0.266.0, a bug in the gorouter process can lead to a denial of service of applications hosted on Cloud Foundry. Under the right circumstances, when client connections are closed prematurely, gorouter marks the curre...
Cloudfoundry Routing Release
Cloudfoundry Cf-deployment
6.5
CVSSv3
CVE-2020-5416
Cloud Foundry Routing (Gorouter), versions before 0.204.0, when used in a deployment with NGINX reverse proxies in front of the Gorouters, is potentially vulnerable to denial-of-service attacks in which an unauthenticated malicious attacker can send specially-crafted HTTP request...
Cloudfoundry Cf-deployment
Cloudfoundry Routing-release
5.9
CVSSv3
CVE-2020-15586
Go prior to 1.13.13 and 1.14.x prior to 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the same time.
Golang Go
Cloudfoundry Cf-deployment
Cloudfoundry Routing-release
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Opensuse Leap 15.1
Opensuse Leap 15.2
Fedoraproject Fedora 31
Fedoraproject Fedora 32
5.3
CVSSv3
CVE-2020-5401
Cloud Foundry Routing Release, versions before 0.197.0, contains GoRouter, which allows malicious clients to send invalid headers, causing caching layers to reject subsequent legitimate clients trying to access the app.
Cloudfoundry Routing Release
8.6
CVSSv3
CVE-2019-11289
Cloud Foundry Routing, all versions prior to 0.193.0, does not properly validate nonce input. A remote unauthenticated malicious user could forge an HTTP route service request using an invalid nonce that will cause the Gorouter to crash.
Cloudfoundry Cf-deployment
Cloudfoundry Routing-release
7.8
CVSSv3
CVE-2019-3800
CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is t...
Pivotal Cloud Foundry Deployment Concourse Tasks
Pivotal Cloud Foundry Deployment
Pivotal Cloud Foundry Smoke Test
Pivotal Cloud Foundry Routing Release
Pivotal Cloud Foundry Notifications
Pivotal Cloud Foundry Command Line Interface Release
Pivotal Cloud Foundry Log Cache Release
Pivotal Cloud Foundry Networking Release
Pivotal Cloud Foundry Command Line Interface
Pivotal Cloud Foundry Healthwatch
Pivotal Credhub Service Broker For Pcf
Pivotal Metric Registrar Release
Pivotal On Demand Service Broker
Pivotal Application Service
Pivotal Cloud Foundry Autoscaling Release
Pivotal Pivotal Cloud Foundry Service Broker
Pivotal Single Sign-on
Pivotal Cloud Foundry Event Alerts
Appdynamics Platform Montioring
Bluemedora Nozzle
Contrastsecurity Service Broker
Cyberark Conjur Service Broker
6.5
CVSSv3
CVE-2019-3789
Cloud Foundry Routing Release, all versions before 0.188.0, contains a vulnerability that can hijack the traffic to route services hosted outside the platform. A user with space developer permissions can create a private domain that shadows the external domain of the route servic...
Cloudfoundry Routing Release
5.3
CVSSv3
CVE-2018-1193
Cloud Foundry routing-release, versions before 0.175.0, lacks sanitization for user-provided X-Forwarded-Proto headers. A remote user can set the X-Forwarded-Proto header in a request to potentially bypass an application requirement to only respond over secure connections.
Cloudfoundry Routing-release
Cloudfoundry Cf-deployment