{"containers": {"cna": {"affected": [{"product": "Routing", "vendor": "Cloud Foundry", "versions": [{"lessThan": "0.204.0", "status": "affected", "version": "All", "versionType": "custom"}]}, {"product": "CF Deployment", "vendor": "Cloud Foundry", "versions": [{"lessThan": "13.13.0", "status": "affected", "version": "All", "versionType": "custom"}]}], "datePublic": "2020-08-14T00:00:00", "descriptions": [{"lang": "en", "value": "Cloud Foundry Routing (Gorouter), versions prior to 0.204.0, when used in a deployment with NGINX reverse proxies in front of the Gorouters, is potentially vulnerable to denial-of-service attacks in which an unauthenticated malicious attacker can send specially-crafted HTTP requests that may cause the Gorouters to be dropped from the NGINX backend pool."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-404", "description": "CWE-404: Improper Resource Shutdown or Release", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-08-21T21:50:14", "orgId": "862b2186-222f-48b9-af87-f1fb7bb26d03", "shortName": "pivotal"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.cloudfoundry.org/blog/cve-2020-5416"}], "source": {"discovery": "UNKNOWN"}, "title": "CF clusters with NGINX in front of them may be vulnerable to DoS", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@pivotal.io", "DATE_PUBLIC": "2020-08-14T00:00:00.000Z", "ID": "CVE-2020-5416", "STATE": "PUBLIC", "TITLE": "CF clusters with NGINX in front of them may be vulnerable to DoS"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Routing", "version": {"version_data": [{"version_affected": "<", "version_name": "All", "version_value": "0.204.0"}]}}, {"product_name": "CF Deployment", "version": {"version_data": [{"version_affected": "<", "version_name": "All", "version_value": "13.13.0"}]}}]}, "vendor_name": "Cloud Foundry"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cloud Foundry Routing (Gorouter), versions prior to 0.204.0, when used in a deployment with NGINX reverse proxies in front of the Gorouters, is potentially vulnerable to denial-of-service attacks in which an unauthenticated malicious attacker can send specially-crafted HTTP requests that may cause the Gorouters to be dropped from the NGINX backend pool."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-404: Improper Resource Shutdown or Release"}]}]}, "references": {"reference_data": [{"name": "https://www.cloudfoundry.org/blog/cve-2020-5416", "refsource": "CONFIRM", "url": "https://www.cloudfoundry.org/blog/cve-2020-5416"}]}, "source": {"discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T08:30:24.212Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.cloudfoundry.org/blog/cve-2020-5416"}]}]}, "cveMetadata": {"assignerOrgId": "862b2186-222f-48b9-af87-f1fb7bb26d03", "assignerShortName": "pivotal", "cveId": "CVE-2020-5416", "datePublished": "2020-08-21T21:50:14.375704Z", "dateReserved": "2020-01-03T00:00:00", "dateUpdated": "2024-09-16T16:53:12.333Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cloudfoundry:cf-deployment:*:*:*:*:*:*:*:*", "matchCriteriaId": "AAA9939F-B430-45EB-8B6A-E37E56D4258B", "versionEndExcluding": "13.13.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:routing-release:*:*:*:*:*:*:*:*", "matchCriteriaId": "86F6E764-7191-4EDB-AC4A-E606961F8542", "versionEndExcluding": "0.204.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Cloud Foundry Routing (Gorouter), versions prior to 0.204.0, when used in a deployment with NGINX reverse proxies in front of the Gorouters, is potentially vulnerable to denial-of-service attacks in which an unauthenticated malicious attacker can send specially-crafted HTTP requests that may cause the Gorouters to be dropped from the NGINX backend pool."}, {"lang": "es", "value": "Cloud Foundry Routing (Gorouter), versiones anteriores a 0.204.0, cuando es usado en una implementaci\u00f3n con proxys inversos NGINX frente a los Gorouters, es potencialmente vulnerable a ataques de denegaci\u00f3n de servicio en los que un atacante malicioso no autenticado puede enviar peticiones HTTP especialmente dise\u00f1adas que pueden causar que los Gorouters sean eliminados del grupo de backend de NGINX."}], "id": "CVE-2020-5416", "lastModified": "2024-11-21T05:34:07.727", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.1, "impactScore": 4.0, "source": "security@pivotal.io", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-08-21T22:15:12.527", "references": [{"source": "security@pivotal.io", "tags": ["Vendor Advisory"], "url": "https://www.cloudfoundry.org/blog/cve-2020-5416"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.cloudfoundry.org/blog/cve-2020-5416"}], "sourceIdentifier": "security@pivotal.io", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-404"}], "source": "security@pivotal.io", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-404"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}