CVE-2019-11289

HIGH

Cloudfoundry Cf-deployment < 12.8.0 - Improper Input Validation

Title source: rule

Description

Cloud Foundry Routing, all versions before 0.193.0, does not properly validate nonce input. A remote unauthenticated malicious user could forge an HTTP route service request using an invalid nonce that will cause the Gorouter to crash.

References (1)

Core References
Vendor Advisory x_refsource_confirm
https://www.cloudfoundry.org/blog/cve-2019-11289

Scores

CVSS v3 8.6
EPSS 0.0151
EPSS Percentile 71.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Details

CWE
CWE-20
Status published
Products (3)
cloudfoundry/cf-deployment < 12.8.0
cloudfoundry/routing-release < 0.193.0
code.cloudfoundry.org/gorouter 0 - 0.0.0-20191101214924-b1b5c44e050f (Go)
Published Nov 19, 2019
Tracked Since Feb 18, 2026