CVE-2020-5401: Return of Wrong Status Code in Foundry Routing

Severity: 5.3 MEDIUM (NVD)
EPSS: 0.4% (top 36.40%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Feb 27; Latest update May 24

Description

Cloud Foundry Routing Release, versions prior to 0.197.0, contains GoRouter, which allows malicious clients to send invalid headers, causing caching layers to reject subsequent legitimate clients trying to access the app.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Exploitability: 3.9 | Impact: 1.4

Affected Packages (2 packages)

CVEListV5 | cloud_foundry/routing | unspecified | 0.197.0

Vulnerability Details (2)

GHSA: GHSA-jgr4-5mrv-w8ph: Cloud Foundry Routing Release, versions prior to 0 (2022-05-24)
CVEList: Cloud Foundry GoRouter is vulnerable to cache poisoning (2020-02-27)