CVE-2020-5401 — MEDIUM (5.3)

Q: How severe is CVE-2020-5401?

CVE-2020-5401 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-5401?

Check the references section above for vendor advisories and patch information. Affected products include: Cloudfoundry Routing Release.

Vulnerability Description

Cloud Foundry Routing Release, versions prior to 0.197.0, contains GoRouter, which allows malicious clients to send invalid headers, causing caching layers to reject subsequent legitimate clients trying to access the app.

CVSS Score

5.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

LOW

Affected Products

Vendor	Product	Versions
Cloudfoundry	Routing Release	< 0.197.0

Related Weaknesses (CWE)

CWE-444 CWE-393

References

https://www.cloudfoundry.org/blog/cve-2020-5401Vendor Advisory
https://www.cloudfoundry.org/blog/cve-2020-5401Vendor Advisory

FAQ

What is CVE-2020-5401?

CVE-2020-5401 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Cloud Foundry Routing Release, versions prior to 0.197.0, contains GoRouter, which allows malicious clients to send invalid headers, causing caching layers to reject subsequent legitimate clients tryi...

How severe is CVE-2020-5401?

CVE-2020-5401 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-5401?

Check the references section above for vendor advisories and patch information. Affected products include: Cloudfoundry Routing Release.