ID

VAR-202009-1291


CVE

CVE-2020-5420


TITLE

Cloud Foundry Code problem vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202009-273

DESCRIPTION

Cloud Foundry Routing (Gorouter) versions prior to 0.206.0 allow a malicious developer with "cf push" access to cause denial-of-service to the CF cluster by pushing an app that returns specially crafted HTTP responses that crash the Gorouters. Cloud Foundry is an open source platform as a service (PaaS) cloud computing platform of the Cloud Foundry Foundation in the United States. The product provides features such as container scheduling, continuous delivery, and automated service deployment. Routing is one of its routing components. There is a security vulnerability in Cloud Foundry Routing (Gorouter) versions earlier than 0.206.0. Attackers can use this vulnerability to cause the CF cluster to crash.

Trust: 1.08

sources: NVD: CVE-2020-5420 // VULHUB: VHN-183545 // VULMON: CVE-2020-5420

AFFECTED PRODUCTS

vendor: cloudfoundry, model: cf-deployment, scope: lt, version: 13.15.0

Trust: 1.0

vendor: cloudfoundry, model: gorouter, scope: lt, version: 0.206.0

Trust: 1.0

sources: NVD: CVE-2020-5420

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-5420
value: HIGH

Trust: 1.0

security@pivotal.io: CVE-2020-5420
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202009-273
value: HIGH

Trust: 0.6

VULHUB: VHN-183545
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-5420
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-5420
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-183545
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-5420
baseSeverity: HIGH
baseScore: 7.7
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.1
impactScore: 4.0
version: 3.1

Trust: 1.0

security@pivotal.io: CVE-2020-5420
baseSeverity: HIGH
baseScore: 7.7
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.1
impactScore: 4.0
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-183545 // VULMON: CVE-2020-5420 // CNNVD: CNNVD-202009-273 // NVD: CVE-2020-5420 // NVD: CVE-2020-5420

PROBLEMTYPE DATA

problemtype: CWE-754

Trust: 1.1

sources: VULHUB: VHN-183545 // NVD: CVE-2020-5420

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202009-273

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202009-273

PATCH

title: Cloud Foundry Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=127454

Trust: 0.6

sources: CNNVD: CNNVD-202009-273

EXTERNAL IDS

db: NVD, id: CVE-2020-5420

Trust: 1.8

db: CNNVD, id: CNNVD-202009-273

Trust: 0.7

db: VULHUB, id: VHN-183545

Trust: 0.1

db: VULMON, id: CVE-2020-5420

Trust: 0.1

sources: VULHUB: VHN-183545 // VULMON: CVE-2020-5420 // CNNVD: CNNVD-202009-273 // NVD: CVE-2020-5420

REFERENCES

url: https://www.cloudfoundry.org/blog/cve-2020-5420

Trust: 1.8

url: https://tanzu.vmware.com/security/cve-2020-5420

Trust: 0.6

url: https://cwe.mitre.org/data/definitions/754.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-183545 // VULMON: CVE-2020-5420 // CNNVD: CNNVD-202009-273 // NVD: CVE-2020-5420

SOURCES

db: VULHUB, id: VHN-183545
db: VULMON, id: CVE-2020-5420
db: CNNVD, id: CNNVD-202009-273
db: NVD, id: CVE-2020-5420

LAST UPDATE DATE

2024-11-23T22:58:08.887000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-183545, date: 2020-09-11T00:00:00
db: VULMON, id: CVE-2020-5420, date: 2020-09-11T00:00:00
db: CNNVD, id: CNNVD-202009-273, date: 2020-10-22T00:00:00
db: NVD, id: CVE-2020-5420, date: 2024-11-21T05:34:08.187

SOURCES RELEASE DATE

db: VULHUB, id: VHN-183545, date: 2020-09-03T00:00:00
db: VULMON, id: CVE-2020-5420, date: 2020-09-03T00:00:00
db: CNNVD, id: CNNVD-202009-273, date: 2020-09-03T00:00:00
db: NVD, id: CVE-2020-5420, date: 2020-09-03T01:15:10.857