Описание
Cloud Foundry routing-release, versions prior to 0.175.0, lacks sanitization for user-provided X-Forwarded-Proto headers. A remote user can set the X-Forwarded-Proto header in a request to potentially bypass an application requirement to only respond over secure connections.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.27.0 (исключая)Версия до 0.175.0 (исключая)
Одно из
cpe:2.3:a:cloudfoundry:cf-deployment:*:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:routing-release:*:*:*:*:*:*:*:*
EPSS
Процентиль: 39%
0.00169
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
NVD-CWE-noinfo
EPSS
Процентиль: 39%
0.00169
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
NVD-CWE-noinfo