CVE-2018-1193: gorouter accepts user-provided X-Forwarded-Proto headers
Cloud Foundry Foundation
Affected Cloud Foundry Products and Versions
- You are using routing-release versions prior to 0.175.0
- You are using cf-deployment versions prior to v1.27.0
Cloud Foundry routing-release versions prior to 0.175.0 do not sanitize the X-Forwarded-Proto header supplied by the client: gorouter forwards the user-provided value to the application as-is. A remote user can therefore set the X-Forwarded-Proto header in a request to potentially bypass an application requirement to respond only over secure connections.
Users of affected versions should apply the following mitigations or upgrades:
- Releases that have fixed this issue include:
  - routing-release version 0.175.0
    - NOTE: the deployment property 'sanitize_forwarded_proto' must be set to true
- Terminate application TLS prior to gorouter
  - This issue does not apply if you terminate TLS prior to gorouter
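The following Go program is an added illustration, not code from routing-release: it models an application that trusts X-Forwarded-Proto to enforce HTTPS, and a router that either passes a client-supplied header through (the behaviour this advisory describes) or overwrites it from the observed connection scheme (the behaviour enabled by sanitize_forwarded_proto). The handler, header names and hostname are constructed for the example.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Application-side check of the kind the advisory describes: the app relies on
// the router-supplied X-Forwarded-Proto header to decide whether the client
// connected over TLS, and redirects plaintext requests to https.
func requireHTTPS(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Header.Get("X-Forwarded-Proto") != "https" {
			http.Redirect(w, r, "https://"+r.Host+r.URL.RequestURI(), http.StatusMovedPermanently)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// routerForward models how the router populates X-Forwarded-Proto before the
// request reaches the app. inboundTLS reports whether the router itself received
// the request over TLS. With sanitize=false a client-supplied value passes
// through untouched (the affected behaviour); with sanitize=true the router
// always overwrites it from the connection it actually observed.
func routerForward(clientHeaders http.Header, inboundTLS bool, sanitize bool) http.Header {
	h := clientHeaders.Clone()
	scheme := "http"
	if inboundTLS {
		scheme = "https"
	}
	if sanitize || h.Get("X-Forwarded-Proto") == "" {
		h.Set("X-Forwarded-Proto", scheme)
	}
	return h
}

// simulate sends a plaintext (non-TLS) request that carries a client-supplied
// "X-Forwarded-Proto: https" through the modelled router and returns the status
// code the application answers with.
func simulate(sanitize bool) int {
	client := http.Header{}
	client.Set("X-Forwarded-Proto", "https") // constructed: value chosen by the client, not the router
	req := httptest.NewRequest(http.MethodGet, "http://app.example.test/account", nil)
	req.Header = routerForward(client, false, sanitize)
	rec := httptest.NewRecorder()
	requireHTTPS(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.WriteHeader(http.StatusOK)
	})).ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	fmt.Println("unsanitized router:", simulate(false)) // 200: app served over plaintext
	fmt.Println("sanitized router:  ", simulate(true))  // 301: app redirects to https
}
```

The same model also shows why a load balancer that terminates TLS in front of gorouter is unaffected: the header reaching the app is then set by the terminating hop rather than the client.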
2018-05-21: Initial vulnerability report published.