Lucene search
PivotalCVELIST:CVE-2019-11289HistoryNov 19, 2019 - 6:41 p.m.
CVE-2019-11289 A forged route service request using an invalid nonce can cause the gorouter to panic and crash
2019-11-1918:41:04
CWE-20
pivotal
www.cve.org
3
CVSS3
8.6
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
AI Score
8.6
Confidence
High
EPSS
0.001
Percentile
42.5%
Cloud Foundry Routing, all versions before 0.193.0, does not properly validate nonce input. A remote unauthenticated malicious user could forge an HTTP route service request using an invalid nonce that will cause the Gorouter to crash.
CNA Affected
[
{
"product": "Routing",
"vendor": "Cloud Foundry",
"versions": [
{
"lessThan": "0.193.0",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
}
]References
Related
cloudfoundry
cloudfoundry
gitlab
gitlab
Improper Input Validation
2021-05-18 00:00:00
Improper Input Validation
2021-05-18 00:00:00
osv
osv
CVE-2019-11289
2019-11-19 19:15:23
Cloud Foundry Routing Improper Input Validation vulnerability
2021-05-18 15:31:39
Panic in decryption in code.cloudfoundry.org/gorouter
2021-07-28 18:08:05
symantec
symantec
github
github
Cloud Foundry Routing Improper Input Validation vulnerability
2021-05-18 15:31:39
prion
prion
Input validation
2019-11-19 19:15:00
veracode
veracode
Denial Of Service (DoS)
2019-11-20 02:39:04
cve
cve
CVE-2019-11289
2019-11-19 19:15:23
nvd
nvd
CVE-2019-11289
2019-11-19 19:15:23
CVSS3
8.6
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
AI Score
8.6
Confidence
High
EPSS
0.001
Percentile
42.5%
Related for CVELIST:CVE-2019-11289