CVE-2018-1221 — Improper Input Validation in Cf-deployment

CWE-20 — Improper Input Validation3 documents3 sources

Severity

8.1HIGHNVD

EPSS

0.4%

top 42.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cloudfoundry Cf-deployment Cloudfoundry Routing-release Dell EMC THE Cloud Foundry Gorouter

Timeline

PublishedMar 19

Latest updateAug 1

Description

In cf-deployment before 1.14.0 and routing-release before 0.172.0, the Cloud Foundry Gorouter mishandles WebSocket requests for AWS Application Load Balancers (ALBs) and some other HTTP-aware Load Balancers. A user with developer privileges could use this vulnerability to steal data or cause denial of service.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:HExploitability: 2.8 | Impact: 5.2

Affected Packages3 packages

▶NVDcloudfoundry/routing-release< 0.172.0

▶NVDcloudfoundry/cf-deployment< 1.14.0

▶CVEListV5dell_emc/the_cloud_foundry_goroutercf-deployment - All versions prior to 1.14.0, routing-release - All versions prior to 0.172.0+1

🔴Vulnerability Details

CVEList

CVE-2018-1221: In cf-deployment before 1↗2018-03-19

▶

💬Community

Bugzilla

CVE-2018-14551 ImageMagick: Uninitialized variable in coders/mat.c:ReadMATImageV4() allows for memory corruption↗2018-08-01

▶