Remote Code Execution Vulnerability in Cloud Foundry Loggregator
CVE-2018-1269

6.5MEDIUM

Key Information:

Vendor: Cloud Foundry
Status: Loggregator
Vendor: CVE Published:; 6 June 2018

🔔 Create Cloud Foundry Vulnerability Alert

What is CVE-2018-1269?

A vulnerability in Cloud Foundry's Loggregator allows remote authenticated users to exploit certain error-handling inadequacies in HTTP requests. This exploitation can lead to dangling TCP connections remaining open, which may ultimately disrupt service availability and lead to denial of service.

Affected Version(s)

Loggregator 89.x < 89.5

Loggregator 96.x < 96.1

Loggregator 99.x < 99.1

References

https://www.cloudfoundry.org/blog/cve-2018-1269

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 6, 2018
Vulnerability Reserved
Dec 6, 2017

CVE-2018-1269 Data

JSON