exploitDog

CVE-2018-1221

Опубликовано: 19 мар. 2018

Источник: nvd

CVSS3: 8.1

CVSS2: 5.5

EPSS Низкий

Описание

In cf-deployment before 1.14.0 and routing-release before 0.172.0, the Cloud Foundry Gorouter mishandles WebSocket requests for AWS Application Load Balancers (ALBs) and some other HTTP-aware Load Balancers. A user with developer privileges could use this vulnerability to steal data or cause denial of service.

Ссылки

https://www.cloudfoundry.org/blog/cve-2018-1221/
Third Party Advisory
https://www.cloudfoundry.org/blog/cve-2018-1221/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:cloudfoundry:cf-deployment:*:*:*:*:*:*:*:*

Версия до 1.14.0 (исключая)

cpe:2.3:a:cloudfoundry:routing-release:*:*:*:*:*:*:*:*

Версия до 0.172.0 (исключая)

EPSS

Процентиль: 57%

0.00357

Низкий

8.1 High

CVSS3

5.5 Medium

CVSS2

Дефекты

CWE-20

EPSS

Процентиль: 57%

0.00357

Низкий

8.1 High

CVSS3

5.5 Medium

CVSS2

Дефекты

CWE-20