Return of Wrong Status Code

CVE-2020-5401

Medium

5.3/10

Summary

Cloud Foundry Routing Release, versions prior to 0.197.0, contains GoRouter, which allows malicious clients to send invalid headers, causing caching layers to reject subsequent legitimate clients trying to access the app.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: LOW

CWE-393 - Return of Wrong Status Code

A function or operation returns an incorrect return value or status code that does not indicate an error, but causes the product to modify its behavior based on the incorrect result.

References

Advisory Timeline

Published Feb 27, 2020

Return of Wrong Status Code

CVE-2020-5401

Summary

CWE-393 - Return of Wrong Status Code

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS