CVE-2020-5401 MEDIUM

CVE-2020-5401: Cloud Foundry GoRouter is vulnerable to cache poisoning

Vendor Cloud Foundry
Product Routing
Weakness CWE-393
Published February 27, 2020
Last update September 16, 2024

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

What the vulnerability does

01Description

Cloud Foundry Routing Release, versions prior to 0.197.0, contains GoRouter, which allows malicious clients to send invalid headers, causing caching layers to reject subsequent legitimate clients trying to access the app.

Key dates

02Disclosure timeline

February 27, 2020 CVE published
September 16, 2024 Record updated