Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
CVE-2023-34041-Abuse of HTTP Hop-by-Hop Headers in Cloud Foundry Gorouter
Vulnerability Description
Cloud foundry routing release versions prior to 0.278.0 are vulnerable to abuse of HTTP Hop-by-Hop Headers. An unauthenticated attacker can use this vulnerability for headers like B3 or X-B3-SpanID to affect the identification value recorded in the logs in foundations.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Vulnerability Type
N/A
Vulnerability Title
Cloud Foundry Routing 安全漏洞
Vulnerability Description
Cloud Foundry是美国Cloud Foundry基金会的一套开源的平台即服务(PaaS)云计算平台。该产品提供容器调度、持续交付和自动化服务部署等功能。 Cloud Foundry Routing 0.278.0之前版本存在安全漏洞,该漏洞源于容易受到HTTP逐跳标头的滥用,未经身份验证的攻击者可以利用B3或X-B3-SpanID等标头影响日志中记录的标识值。
CVSS Information
N/A
Vulnerability Type
N/A