CVE-2023-34041
published 2023-09-08

Priority: P4 (28)
CVSS 3.1: 5.3 (medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS: 0.37% (28.9th percentile)

Cloud Foundry routing release versions prior to 0.278.0 are vulnerable to abuse of HTTP hop-by-hop headers. An unauthenticated attacker can use this vulnerability for headers like B3 or X-B3-SpanID to affect the identification value recorded in the logs in foundations.

Affected

4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cloud_foundry | cf_deployment | >= all < 32.4.0 | 32.4.0 |
| cloud_foundry | routing | >= all < 0.278.0 | 0.278.0 |
| cloudfoundry | cf-deployment | < 32.4.0 | 32.4.0 |
| cloudfoundry | routing-release | < 0.278.0 | 0.278.0 |