CVE-2020-5401

MEDIUM

Cloud Foundry Routing Release < 0.197.0 - Denial of Service via Invalid Header Caching

Title source: llm
STIX 2.1

Description

Cloud Foundry Routing Release, versions prior to 0.197.0, contains GoRouter, which allows malicious clients to send invalid headers, causing caching layers to reject subsequent legitimate clients trying to access the app.

References (1)

Core 1
Core References
Vendor Advisory x_refsource_confirm
https://www.cloudfoundry.org/blog/cve-2020-5401

Scores

CVSS v3 5.3
EPSS 0.0104
EPSS Percentile 59.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Details

CWE
CWE-393 CWE-444
Status published
Products (1)
cloudfoundry/routing_release < 0.197.0
Published Feb 27, 2020
Tracked Since Feb 18, 2026