2 results (0.006 seconds)

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

Improper handling of requests in Routing Release > v0.273.0 and <= v0.297.0 allows an unauthenticated attacker to degrade the service availability of the Cloud Foundry deployment if performed at scale. El manejo inadecuado de las solicitudes en Routing Release &gt; v0.273.0 y &lt;= v0.297.0 permite que un atacante no autenticado degrade la disponibilidad del servicio de la implementación de Cloud Foundry si se realiza a escala. • https://www.cloudfoundry.org/blog/cve-2024-22279-gorouter-denial-of-service-attack • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •

CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0

Cloud foundry routing release versions prior to 0.278.0 are vulnerable to abuse of HTTP Hop-by-Hop Headers. An unauthenticated attacker can use this vulnerability for headers like B3 or X-B3-SpanID to affect the identification value recorded in the logs in foundations. Las versiones de lanzamiento de enrutamiento de Cloud Foundry anteriores a 0.278.0 son vulnerables al abuso de HTTP Hop-by-Hop Headers. Un atacante no autenticado puede usar esta vulnerabilidad para encabezados como B3 o X-B3-SpanID para afectar al valor de identificación registrado en los registros de las bases. • https://www.cloudfoundry.org/blog/abuse-of-http-hop-by-hop-headers-in-cloud-foundry-gorouter •