CVE-2019-11289
Published 2019-11-19
Priority: P346, high, 8.6 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
EPSS: 1.51% (71.3th percentile)
Cloud Foundry Routing, all versions before 0.193.0, does not properly validate nonce input. A remote unauthenticated malicious user could forge an HTTP route service request using an invalid nonce that will cause the Gorouter to crash.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cloud_foundry | routing | all versions < 0.193.0 | 0.193.0 |
| cloudfoundry | cf-deployment | < 12.8.0 | 12.8.0 |
| cloudfoundry | routing-release | < 0.193.0 | 0.193.0 |
| code.cloudfoundry.org | gorouter | >= 0 < 0.0.0-20191101214924-b1b5c44e050f | 0.0.0-20191101214924-b1b5c44e050f |
| github.com | cloudfoundry_gorouter | >= 0 < 0.0.0-20191101214924-b1b5c44e050f | 0.0.0-20191101214924-b1b5c44e050f |
CVSS provenance
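| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.6 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H |
| nvd | v3.0 | 8.6 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H |
| nvd | v2.0 | 7.8 | HIGH | AV:N/AC:L/Au:N/C:N/I:N/A:C |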
OSV
Panic in decryption in code.cloudfoundry.org/gorouter
osv·2021-07-28
CVE-2019-11289 Panic in decryption in code.cloudfoundry.org/gorouter
Due to improper input validation, a maliciously crafted input can cause a panic, due to incorrect nonce size. If this package is used to decrypt user supplied messages without checking the size of supplied nonces, this may be used as a vector for a denial of service attack.
OSV
Cloud Foundry Routing Improper Input Validation vulnerability
osv·2021-05-18
CVE-2019-11289 [HIGH] Cloud Foundry Routing Improper Input Validation vulnerability
Cloud Foundry Routing, all versions before 0.0.0-20191101214924-b1b5c44e050f, does not properly validate nonce input. A remote unauthorized malicious user could forge a route service request using an invalid nonce that will cause the Gorouter to crash.
GHSA
Cloud Foundry Routing Improper Input Validation vulnerability
ghsa·2021-05-18
CVE-2019-11289 [HIGH] CWE-20 Cloud Foundry Routing Improper Input Validation vulnerability
Cloud Foundry Routing, all versions before 0.0.0-20191101214924-b1b5c44e050f, does not properly validate nonce input. A remote unauthorized malicious user could forge a route service request using an invalid nonce that will cause the Gorouter to crash.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2019-11-19
Published