Cache poisoning in Cloud Foundry CF Deployment and Routing Release

1) Spoofing attack

EUVDB-ID: #VU25577

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2020-5401

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to incorrect processing of user-supplied data in GoRouter. A remote attacker can spoof page content, send invalid headers and cause caching layers to reject subsequent legitimate clients trying to access the app.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

CF Deployment: 12.0.0 - 12.26.0

Routing Release: 0.62.0 - 0.196.0

CPE2.3

• cpe:2.3:a:cloud_foundry_foundation:cf_deployment:12.0.0:*:*:*:*:*:*:*
• cpe:2.3:a:cloud_foundry_foundation:cf_deployment:12.1.0:*:*:*:*:*:*:*
• cpe:2.3:a:cloud_foundry_foundation:cf_deployment:12.2.0:*:*:*:*:*:*:*
• cpe:2.3:a:cloud_foundry_foundation:routing_release:0.62.0:*:*:*:*:*:*:*
• cpe:2.3:a:cloud_foundry_foundation:routing_release:0.66.0:*:*:*:*:*:*:*
• cpe:2.3:a:cloud_foundry_foundation:routing_release:0.69.0:*:*:*:*:*:*:*

External links

https://www.cloudfoundry.org/blog/cve-2020-5401/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.