CVE-2020-5420

Published: Sep 3, 2020Modified: Nov 21, 2024

7.7

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Exploitability: 3.1 / Impact: 4.0

Source: NVD

Description

Cloud Foundry Routing (Gorouter) versions prior to 0.206.0 allow a malicious developer with "cf push" access to cause denial-of-service to the CF cluster by pushing an app that returns specially crafted HTTP responses that crash the Gorouters.

Affected (2)

Products: Cloudfoundry: Cf Deployment, Gorouter

Cloudfoundry

2 products

Cf Deployment

Gorouter

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Cloudfoundry Cf Deployment	Before 13.15.0
Cloudfoundry Gorouter	Before 0.206.0

Related CWEs

CWE-754

Improper Check for Unusual or Exceptional Conditions

The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

References (2)

https://www.cloudfoundry.org/blog/cve-2020-5420

Source: security@pivotal.io

Vendor Advisory

https://www.cloudfoundry.org/blog/cve-2020-5420

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.