CVE-2018-1193: gorouter accepts user-provided X-Forwarded-Proto headers

Severity

Low

Vendor

Cloud Foundry Foundation

Affected Cloud Foundry Products and Versions

You are using routing-release versions prior to 0.175.0
You are using cf-deployment versions prior to v1.27.0

Description

Cloud Foundry routing-release, versions prior to 0.175.0, lacks sanitization for user-provided X-Forwarded-Proto headers. A remote user can set the X-Forwarded-Proto header in a request to potentially bypass an application requirement to only respond over secure connections.

Mitigation

Users of affected versions should apply the following mitigations or upgrades:

Releases that have fixed this issue include:
- routing-release version 0.175.0
- NOTE: deployment property ‘sanitize_forwarded_proto’ must be set to true
Terminate application TLS prior to gorouter
- This issue does not apply if you terminate TLS prior to gorouter

References

https://github.com/cloudfoundry/gorouter/issues/201

History

2018-05-21: Initial vulnerability report published.

CVE-2018-1193: gorouter accepts user-provided X-Forwarded-Proto headers

CVE-2018-1193: gorouter accepts user-provided X-Forwarded-Proto headers

Severity

Vendor

Affected Cloud Foundry Products and Versions

Description

Mitigation

References

History

You Might Also Like

CVE-2018-11082: UAA MFA doesn’t prevent brute force of MFA code

USN-6101-1: GNU binutils vulnerabilities

CVE-2019-11279: Privilege Escalation via Scope Manipulation in UAA

Sign up for the Cloud Foundry Newsletter today!

Sign up for the
Cloud Foundry Newsletter today!