CVE-2023-34041

Published: Sep 8, 2023Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

Cloud foundry routing release versions prior to 0.278.0 are vulnerable to abuse of HTTP Hop-by-Hop Headers. An unauthenticated attacker can use this vulnerability for headers like B3 or X-B3-SpanID to affect the identification value recorded in the logs in foundations.

Affected (2)

Products: Cloudfoundry: Cf Deployment, Routing Release

2 products

Routing Release

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Cloudfoundry Cf Deployment	Before 32.4.0
Cloudfoundry Routing Release	Before 0.278.0

References (2)

https://www.cloudfoundry.org/blog/abuse-of-http-hop-by-hop-headers-in-cloud-foundry-gorouter/

Source: security@vmware.com

Vendor Advisory

https://www.cloudfoundry.org/blog/abuse-of-http-hop-by-hop-headers-in-cloud-foundry-gorouter/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.