Cloud Foundry GoRouter is vulnerable to cache poisoning
CVE-2020-5401

5.3MEDIUM

Key Information:

Vendor: Cloud Foundry
Status: Routing
Vendor: CVE Published:; 27 February 2020

🔔 Create Cloud Foundry Vulnerability Alert

What is CVE-2020-5401?

Cloud Foundry Routing Release, versions prior to 0.197.0, contains GoRouter, which allows malicious clients to send invalid headers, causing caching layers to reject subsequent legitimate clients trying to access the app.

Affected Version(s)

Routing < 0.197.0

References

https://www.cloudfoundry.org/blog/cve-2020-5401

x_refsource_CONFIRM

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

CVSS V3.0

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 27, 2020
Vulnerability Reserved
Jan 3, 2020

CVE-2020-5401 Data

JSON