CVE-2018-1269

EUVD-2018-11894
Cloud Foundry Loggregator, versions 89.x prior to 89.5 or 96.x prior to 96.1 or 99.x prior to 99.1 or 101.x prior to 101.9 or 102.x prior to 102.2, does not handle errors thrown while constructing certain http requests. A remote authenticated user may construct malicious requests to cause the traffic controller to leave dangling TCP connections, which could cause denial of service.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 70%
Affected Products (NVD)
VendorProductVersion
cloudfoundryloggregator
89 ≤
𝑥
< 89.5
cloudfoundryloggregator
96 ≤
𝑥
< 96.1
cloudfoundryloggregator
99 ≤
𝑥
< 99.1
cloudfoundryloggregator
101 ≤
𝑥
< 101.9
cloudfoundryloggregator
102 ≤
𝑥
< 102.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.cloudfoundry.org/blog/cve-2018-1269
https://www.cloudfoundry.org/blog/cve-2018-1269