PT-2020-18472 · Cloud Foundry · Cloud Foundry Routing

Published: 2020-09-03 · Updated: 2020-09-11 · CVE-2020-5420

CVSS v3.1: 7.7 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Cloud Foundry Routing (Gorouter) versions prior to 0.206.0

Description

The issue allows a malicious developer with "cf push" access to cause a denial of service in the Cloud Foundry cluster. This can be achieved by pushing an app that returns specially crafted HTTP responses, which can crash the Gorouters.

Recommendations

For Cloud Foundry Routing (Gorouter) versions prior to 0.206.0, update to version 0.206.0 or later to resolve the issue.

Fix

Improper Check for Exceptional Conditions


Weakness Enumeration

Related Identifiers

CVE-2020-5420

Affected Products

Cloud Foundry Routing