CVE-2018-1221

In cf-deployment before 1.14.0 and routing-release before 0.172.0, the Cloud Foundry Gorouter mishandles WebSocket requests for AWS Application Load Balancers (ALBs) and some other HTTP-aware Load Balancers. A user with developer privileges could use this vulnerability to steal data or cause denial of service.
References
Link Resource
https://www.cloudfoundry.org/blog/cve-2018-1221/ Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:cloudfoundry:cf-deployment:*:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:routing-release:*:*:*:*:*:*:*:*

Information

Published : 2018-03-19 06:29

Updated : 2021-05-27 10:35


NVD link : CVE-2018-1221

Mitre link : CVE-2018-1221

Products Affected
No products.
CWE