Security Advisory

CVE-2018-1193: gorouter accepts user-provided X-Forwarded-Proto headers

Severity

Low

Vendor

Cloud Foundry Foundation

Affected Cloud Foundry Products and Versions

  • You are using routing-release versions prior to 0.175.0
  • You are using cf-deployment versions prior to v1.27.0

Description

Cloud Foundry routing-release, versions prior to 0.175.0, lacks sanitization for user-provided X-Forwarded-Proto headers. A remote user can set the X-Forwarded-Proto header in a request to potentially bypass an application requirement to only respond over secure connections.

Mitigation

Users of affected versions should apply the following mitigations or upgrades:

  • Releases that have fixed this issue include:
    • routing-release version 0.175.0
    • NOTE: deployment property ‘sanitize_forwarded_proto’ must be set to true
  • Terminate application TLS prior to gorouter
    • This issue does not apply if you terminate TLS prior to gorouter
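The following is an added illustration for this advisory, not gorouter's own code: a minimal model of the header decision a reverse proxy makes before forwarding a request, with the unsanitized behaviour described above beside the sanitized one that the fix (sanitize_forwarded_proto set to true) provides. The function names, the example host app.example.test and the requests are all constructed here. The "backend" stands in for an application that decides whether a request was secure purely from X-Forwarded-Proto; a load balancer that terminates TLS in front of the router would be the hop that legitimately sets this header, which is why the advisory says the issue does not apply in that layout.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// forwardedProto chooses the X-Forwarded-Proto value a reverse proxy sends to
// the backend. Hypothetical helper for this advisory, not gorouter's code.
//
// sanitize=false reproduces the defect the advisory describes: a value the
// client put in the request is trusted and passed through unchanged.
// sanitize=true mirrors the fixed behaviour (deployment property
// sanitize_forwarded_proto=true): the proxy overwrites the header with the
// scheme of the connection it actually accepted.
func forwardedProto(r *http.Request, sanitize bool) string {
	actual := "http"
	if r.TLS != nil { // TLS was terminated on this hop
		actual = "https"
	}
	if !sanitize {
		if v := r.Header.Get("X-Forwarded-Proto"); v != "" {
			return v
		}
	}
	return actual
}

// backendStatus models an application that only serves over TLS and decides
// that from X-Forwarded-Proto alone (the "application requirement" in the
// advisory). It answers 200 for https and redirects everything else.
func backendStatus(proto string) int {
	if proto == "https" {
		return http.StatusOK
	}
	return http.StatusMovedPermanently
}

// proxyTo runs one request through the header decision and the backend.
func proxyTo(r *http.Request, sanitize bool) int {
	return backendStatus(forwardedProto(r, sanitize))
}

// spoofedPlaintextRequest is a constructed plain-HTTP request in which the
// client itself claims "https". httptest.NewRequest leaves r.TLS nil for an
// http:// target, which is exactly the situation the advisory is about.
func spoofedPlaintextRequest() *http.Request {
	r := httptest.NewRequest(http.MethodGet, "http://app.example.test/secret", nil)
	r.Header.Set("X-Forwarded-Proto", "https")
	return r
}

// tlsRequest is a constructed request that really arrived over TLS
// (httptest.NewRequest populates r.TLS for an https:// target).
func tlsRequest() *http.Request {
	return httptest.NewRequest(http.MethodGet, "https://app.example.test/secret", nil)
}

func main() {
	for _, sanitize := range []bool{false, true} {
		fmt.Printf("sanitize_forwarded_proto=%v\n", sanitize)
		fmt.Printf("  plaintext + client-set header -> %d\n", proxyTo(spoofedPlaintextRequest(), sanitize))
		fmt.Printf("  genuine TLS                   -> %d\n", proxyTo(tlsRequest(), sanitize))
	}
}
```

With sanitization off, the plaintext request reaches the backend labelled as https and is served; with it on, the same request is labelled http and the backend's redirect-to-TLS logic fires, while a request that genuinely arrived over TLS is still served. The point for operators is that the application's check is only as good as the hop that sets the header, which is why the fix has to live in the router (or in a TLS-terminating load balancer ahead of it) rather than in the application.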

History

2018-05-21: Initial vulnerability report published.

Author: Cloud Foundry Foundation Security Team