CVE-2018-1193 — Uncontrolled Resource Consumption in Routing-release

CWE-400 — Uncontrolled Resource Consumption7 documents5 sources

Severity

5.3MEDIUMNVD

EPSS

0.2%

top 61.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cloudfoundry Cf-deployment Cloudfoundry Routing-release Cloud Foundry Router

Timeline

PublishedMay 23

Latest updateDec 6

Description

Cloud Foundry routing-release, versions prior to 0.175.0, lacks sanitization for user-provided X-Forwarded-Proto headers. A remote user can set the X-Forwarded-Proto header in a request to potentially bypass an application requirement to only respond over secure connections.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages3 packages

▶NVDcloudfoundry/routing-release< 0.175.0

▶NVDcloudfoundry/cf-deployment< 1.27.0

▶CVEListV5cloud_foundry/cloud_foundry_routerversions prior to 0.175.0

🔴Vulnerability Details

CVEList

CVE-2018-1193: Cloud Foundry routing-release, versions prior to 0↗2018-05-23

▶

💥Exploits & PoCs

Exploit-DB

TufinOS 2.17 Build 1193 - XML External Entity Injection↗2018-11-12

▶

📋Vendor Advisories

Red Hat

jenkins: potential denial of service through cron expression form validation (SECURITY-1193)↗2018-12-05

▶

💬Community

Bugzilla

CVE-2018-1000864 jenkins: potential denial of service through cron expression form validation (SECURITY-1193) [fedora-all]↗2018-12-06

▶

Bugzilla

CVE-2018-1000864 jenkins: potential denial of service through cron expression form validation (SECURITY-1193)↗2018-12-06

▶

Bugzilla

CVE-2018-14435 ImageMagick: memory leak in DecodeImage in coders/pcd.c↗2018-07-30

▶