PT-2018-10914 · Cloud Foundry · Routing-Release

Published

2018-05-23

Updated

2019-10-03

CVE-2018-1193

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Cloud Foundry routing-release versions prior to 0.175.0

Description The issue lacks sanitization for user-provided X-Forwarded-Proto headers, allowing a remote user to potentially bypass an application requirement to only respond over secure connections by setting the X-Forwarded-Proto header in a request.

Recommendations For versions prior to 0.175.0, update to version 0.175.0 or later to resolve the issue. As a temporary workaround, consider restricting the ability for users to set the X-Forwarded-Proto header to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2018-1193

Affected Products

Routing-Release

PT-2018-10914 · Cloud Foundry · Routing-Release

CVE-2018-1193

Related Identifiers

Affected Products

References · 3