CVE-2018-1221
N/A
N/A
Summary
In cf-deployment before 1.14.0 and routing-release before 0.172.0, the Cloud Foundry Gorouter mishandles WebSocket requests for AWS Application Load Balancers (ALBs) and some other HTTP-aware Load Balancers. A user with developer privileges could use this vulnerability to steal data or cause denial of service.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Dell EMC | The Cloud Foundry Gorouter | cf-deployment - All versions prior to 1.14.0 | affected |
| Dell EMC | The Cloud Foundry Gorouter | routing-release - All versions prior to 0.172.0 | affected |
Weaknesses
- websocket handling vulnerability
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.