CVE-2019-11289
HIGH
Cloudfoundry Cf-deployment < 12.8.0 - Improper Input Validation
Title source: ruleDescription
Cloud Foundry Routing, all versions before 0.193.0, does not properly validate nonce input. A remote unauthenticated malicious user could forge an HTTP route service request using an invalid nonce that will cause the Gorouter to crash.
References (1)
Core References
Vendor Advisory x_refsource_confirm
https://www.cloudfoundry.org/blog/cve-2019-11289
Scores
CVSS v3
8.6
EPSS
0.0151
EPSS Percentile
71.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Details
CWE
CWE-20
Status
published
Products (3)
cloudfoundry/cf-deployment
< 12.8.0
cloudfoundry/routing-release
< 0.193.0
code.cloudfoundry.org/gorouter
0 - 0.0.0-20191101214924-b1b5c44e050f (Go)
Published
Nov 19, 2019
Tracked Since
Feb 18, 2026