← back
CVE-2018-1221

CVE-2018-1221

EPSS 1.2%
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS EPSS 1.2%KEV nãoPoC Patch
Lifecycle
19 Mar 2018Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
In cf-deployment before 1.14.0 and routing-release before 0.172.0, the Cloud Foundry Gorouter mishandles WebSocket requests for AWS Application Load Balancers (ALBs) and some other HTTP-aware Load Balancers. A user with developer privileges could use this vulnerability to steal data or cause denial of service.
Affected products
Dell EMC · The Cloud Foundry Gorouter

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.cloudfoundry.org/blog/cve-2018-1221/