CVE-2018-1269

Cloud Foundry Loggregator, versions 89.x prior to 89.5 or 96.x prior to 96.1 or 99.x prior to 99.1 or 101.x prior to 101.9 or 102.x prior to 102.2, does not handle errors thrown while constructing certain http requests. A remote authenticated user may construct malicious requests to cause the traffic controller to leave dangling TCP connections, which could cause denial of service.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
dellCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 63%
VendorProductVersion
cloudfoundryloggregator
89 ≤
𝑥
< 89.5
cloudfoundryloggregator
96 ≤
𝑥
< 96.1
cloudfoundryloggregator
99 ≤
𝑥
< 99.1
cloudfoundryloggregator
101 ≤
𝑥
< 101.9
cloudfoundryloggregator
102 ≤
𝑥
< 102.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.cloudfoundry.org/blog/cve-2018-1269
https://www.cloudfoundry.org/blog/cve-2018-1269