cvelist/2020/5xxx/CVE-2020-5401.json

{
    "data_type": "CVE",
    "data_format": "MITRE",
    "data_version": "4.0",
    "CVE_data_meta": {
        "ASSIGNER": "security@pivotal.io",
        "DATE_PUBLIC": "2020-02-24T00:00:00.000Z",
        "ID": "CVE-2020-5401",
        "STATE": "PUBLIC",
        "TITLE": "Cloud Foundry GoRouter is vulnerable to cache poisoning"
    },
    "source": {
        "discovery": "UNKNOWN"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "product": {
                        "product_data": [
                            {
                                "product_name": "Routing",
                                "version": {
                                    "version_data": [
                                        {
                                            "affected": "<",
                                            "version_value": "0.197.0"
                                        }
                                    ]
                                }
                            }
                        ]
                    },
                    "vendor_name": "Cloud Foundry"
                }
            ]
        }
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "Cloud Foundry Routing Release, versions prior to 0.197.0, contains GoRouter, which allows malicious clients to send invalid headers, causing caching layers to reject subsequent legitimate clients trying to access the app."
            }
        ]
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-393: Return of Wrong Status Code"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "refsource": "CONFIRM",
                "url": "https://www.cloudfoundry.org/blog/cve-2020-5401",
                "name": "https://www.cloudfoundry.org/blog/cve-2020-5401"
            }
        ]
    },
    "impact": {
        "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
        }
    }
}
"-Synchronized-Data." 2020-01-03 21:01:04 +00:00			`{`
			`"data_type": "CVE",`
			`"data_format": "MITRE",`
			`"data_version": "4.0",`
			`"CVE_data_meta": {`
Add CVE-2020-5400, CVE-2020-5401, and CVE-2020-5402. 2020-02-26 17:31:26 -08:00			`"ASSIGNER": "security@pivotal.io",`
			`"DATE_PUBLIC": "2020-02-24T00:00:00.000Z",`
"-Synchronized-Data." 2020-01-03 21:01:04 +00:00			`"ID": "CVE-2020-5401",`
Add CVE-2020-5400, CVE-2020-5401, and CVE-2020-5402. 2020-02-26 17:31:26 -08:00			`"STATE": "PUBLIC",`
			`"TITLE": "Cloud Foundry GoRouter is vulnerable to cache poisoning"`
			`},`
			`"source": {`
			`"discovery": "UNKNOWN"`
			`},`
			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "Routing",`
			`"version": {`
			`"version_data": [`
			`{`
			`"affected": "<",`
			`"version_value": "0.197.0"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`},`
			`"vendor_name": "Cloud Foundry"`
			`}`
			`]`
			`}`
"-Synchronized-Data." 2020-01-03 21:01:04 +00:00			`},`
			`"description": {`
			`"description_data": [`
			`{`
			`"lang": "eng",`
Add CVE-2020-5400, CVE-2020-5401, and CVE-2020-5402. 2020-02-26 17:31:26 -08:00			`"value": "Cloud Foundry Routing Release, versions prior to 0.197.0, contains GoRouter, which allows malicious clients to send invalid headers, causing caching layers to reject subsequent legitimate clients trying to access the app."`
			`}`
			`]`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "CWE-393: Return of Wrong Status Code"`
			`}`
			`]`
"-Synchronized-Data." 2020-01-03 21:01:04 +00:00			`}`
			`]`
Add CVE-2020-5400, CVE-2020-5401, and CVE-2020-5402. 2020-02-26 17:31:26 -08:00			`},`
			`"references": {`
			`"reference_data": [`
			`{`
			`"refsource": "CONFIRM",`
			`"url": "https://www.cloudfoundry.org/blog/cve-2020-5401",`
			`"name": "https://www.cloudfoundry.org/blog/cve-2020-5401"`
			`}`
			`]`
			`},`
			`"impact": {`
			`"cvss": {`
			`"attackComplexity": "LOW",`
			`"attackVector": "NETWORK",`
			`"availabilityImpact": "LOW",`
			`"baseScore": 5.3,`
			`"baseSeverity": "MEDIUM",`
			`"confidentialityImpact": "NONE",`
			`"integrityImpact": "NONE",`
			`"privilegesRequired": "NONE",`
			`"scope": "UNCHANGED",`
			`"userInteraction": "NONE",`
			`"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",`
			`"version": "3.0"`
			`}`
"-Synchronized-Data." 2020-01-03 21:01:04 +00:00			`}`
			`}`