CVE-2018-1269
Last modified
CVE-2018-1269 is a vulnerability of currently unknown severity. Cloud Foundry Loggregator, versions 89.x prior to 89.5 or 96.x prior to 96.1 or 99.x prior to 99.1 or 101.x prior to 101.9 or 102.x prior to 102.2, does not handle errors thrown while constructing certain http requests. A remote authenticated user may construct malicious requests to cause the traffic controller to leave dangling TCP connections, which could cause denial of service.. EPSS estimates a 1.06% chance of exploitation in the next 30 days.
Description
Cloud Foundry Loggregator, versions 89.x prior to 89.5 or 96.x prior to 96.1 or 99.x prior to 99.1 or 101.x prior to 101.9 or 102.x prior to 102.2, does not handle errors thrown while constructing certain http requests. A remote authenticated user may construct malicious requests to cause the traffic controller to leave dangling TCP connections, which could cause denial of service.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Cloudfoundry | Loggregator | >= 89, < 89.5 |
| Cloudfoundry | Loggregator | >= 96, < 96.1 |
| Cloudfoundry | Loggregator | >= 99, < 99.1 |
| Cloudfoundry | Loggregator | >= 101, < 101.9 |
| Cloudfoundry | Loggregator | >= 102, < 102.2 |
References
- https://www.cloudfoundry.org/blog/cve-2018-1269Third Party Advisory
- https://www.cloudfoundry.org/blog/cve-2018-1269Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-1269?
How severe is CVE-2018-1269?
How do I fix CVE-2018-1269?
Are you affected by CVE-2018-1269?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST