CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-22279 – GoRouter Denial of Service Attack
https://notcve.org/view.php?id=CVE-2024-22279
Improper handling of requests in Routing Release > v0.273.0 and <= v0.297.0 allows an unauthenticated attacker to degrade the service availability of the Cloud Foundry deployment if performed at scale. El manejo inadecuado de las solicitudes en Routing Release > v0.273.0 y <= v0.297.0 permite que un atacante no autenticado degrade la disponibilidad del servicio de la implementación de Cloud Foundry si se realiza a escala. • https://www.cloudfoundry.org/blog/cve-2024-22279-gorouter-denial-of-service-attack • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2023-34041 – CVE-2023-34041-Abuse of HTTP Hop-by-Hop Headers in Cloud Foundry Gorouter
https://notcve.org/view.php?id=CVE-2023-34041
Cloud foundry routing release versions prior to 0.278.0 are vulnerable to abuse of HTTP Hop-by-Hop Headers. An unauthenticated attacker can use this vulnerability for headers like B3 or X-B3-SpanID to affect the identification value recorded in the logs in foundations. Las versiones de lanzamiento de enrutamiento de Cloud Foundry anteriores a 0.278.0 son vulnerables al abuso de HTTP Hop-by-Hop Headers. Un atacante no autenticado puede usar esta vulnerabilidad para encabezados como B3 o X-B3-SpanID para afectar al valor de identificación registrado en los registros de las bases. • https://www.cloudfoundry.org/blog/abuse-of-http-hop-by-hop-headers-in-cloud-foundry-gorouter •