CVE-2024-22279HTTP Request Smuggling in Foundry Routing Release

CWE-444HTTP Request Smuggling3 documents3 sources
Severity
7.5HIGHNVD
CNA5.9
EPSS
0.5%
top 32.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Cloud Foundry Routing ReleaseCloudfoundry Cf-deploymentCloudfoundry Routing Release
Timeline
PublishedJun 10

Description

Improper handling of requests in Routing Release > v0.273.0 and <= v0.297.0 allows an unauthenticated attacker to degrade the service availability of the Cloud Foundry deployment if performed at scale.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

NVDcloudfoundry/routing_release0.273.00.297.0
CVEListV5cloud_foundry/routing_releasev0.273.0v0.297.0
NVDcloudfoundry/cf-deployment30.9.040.13.0

🔴Vulnerability Details

2
CVEList
GoRouter Denial of Service Attack2024-06-10
GHSA
GHSA-3cff-hppc-4g4r: Improper handling of requests in Routing Release > v02024-06-10
CVE-2024-22279 — HTTP Request Smuggling | cvebase