A forged route service request using an invalid nonce can cause the gorouter to panic and crash
CVE-2019-11289

8.6HIGH

Key Information:

Vendor: Cloud Foundry
Status: Routing
Vendor: CVE Published:; 19 November 2019

🔔 Create Cloud Foundry Vulnerability Alert

What is CVE-2019-11289?

Cloud Foundry Routing, all versions before 0.193.0, does not properly validate nonce input. A remote unauthenticated malicious user could forge an HTTP route service request using an invalid nonce that will cause the Gorouter to crash.

Affected Version(s)

Routing All < 0.193.0

References

https://www.cloudfoundry.org/blog/cve-2019-11289

x_refsource_CONFIRM

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

CVSS V3.0

Score:

8.6

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 19, 2019
Vulnerability Reserved
Apr 18, 2019

CVE-2019-11289 Data

JSON