PT-2018-10914 · Cloud Foundry · Routing-Release

Publicado

2018-05-23

Atualizado

2019-10-03

CVE-2018-1193

CVSS v3.1

5.3

Média

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Cloud Foundry routing-release versions prior to 0.175.0

Description The issue lacks sanitization for user-provided X-Forwarded-Proto headers, allowing a remote user to potentially bypass an application requirement to only respond over secure connections by setting the X-Forwarded-Proto header in a request.

Recommendations For versions prior to 0.175.0, update to version 0.175.0 or later to resolve the issue. As a temporary workaround, consider restricting the ability for users to set the X-Forwarded-Proto header to minimize the risk of exploitation.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2018-1193

Produtos afetados

Routing-Release

PT-2018-10914 · Cloud Foundry · Routing-Release

CVE-2018-1193

Identificadores relacionados

Produtos afetados

Referências · 3