Vulnerabilities > CVE-2018-1193 - Unspecified vulnerability in Cloudfoundry Cf-Deployment and Routing-Release

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
cloudfoundry

Summary

Cloud Foundry routing-release, versions prior to 0.175.0, lacks sanitization for user-provided X-Forwarded-Proto headers. A remote user can set the X-Forwarded-Proto header in a request to potentially bypass an application requirement to only respond over secure connections.

Vulnerable Configurations

Part Description Count
Application
Cloudfoundry
122