CVE-2019-15225/15226: Envoy 1.11.1 vulnerability fixes
Cloud Foundry Foundation Security Team · 2019-11-12 · via Cloud Foundry

Severity

High

Vendor

Cloud Foundry Foundation

Description

Cloud Foundry Diego, versions prior to 2.39.0, bundles a version of Envoy that is vulnerable to denial of service. A remote, unauthenticated attacker may craft requests with a large number of headers to consume excess CPU, or may send a request with a very long URI to consume excess memory. CF Deployment, versions prior to 12.2.0, is affected through its consumption of Diego.

Affected Cloud Foundry Products and Versions

  • Diego
    • All versions prior to v2.39.0
  • CF Deployment
    • All versions prior to v12.2.0

Mitigation

Users of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:

  • Diego
    • Upgrade all versions to v2.39.0 or greater
  • CF Deployment
    • Upgrade all versions to v12.2.0 or greater
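The affected-version list and the upgrade targets above are simple to state but easy to get wrong in an inventory script, because a plain string comparison sorts v2.4.0 after v2.39.0 and a pre-release such as v2.39.0-rc.1 is still below the fix. The following Go program is an added example, not Cloud Foundry's or Diego's own tooling: it encodes the two fixed versions from this advisory, parses deployed version strings into numeric components, and reports whether a deployment is still affected. The `IsAffected` function, the `fixedVersions` map and the sample inventory are all constructed for this example.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Product -> first fixed release, taken from the Mitigation section of the advisory.
var fixedVersions = map[string]string{
	"Diego":         "v2.39.0",
	"CF Deployment": "v12.2.0",
}

// version holds MAJOR.MINOR.PATCH plus an optional pre-release tag ("rc.1").
type version struct {
	nums [3]int
	pre  string
}

// parseVersion accepts "v2.39.0", "2.39.0" or "v2.39.0-rc.1" and rejects
// anything that is not three non-negative integer components.
func parseVersion(s string) (version, error) {
	var v version
	s = strings.TrimPrefix(strings.TrimSpace(s), "v")
	if i := strings.IndexByte(s, '-'); i >= 0 {
		v.pre = s[i+1:]
		s = s[:i]
	}
	parts := strings.Split(s, ".")
	if len(parts) != 3 {
		return v, fmt.Errorf("expected MAJOR.MINOR.PATCH, got %q", s)
	}
	for i, p := range parts {
		n, err := strconv.Atoi(p)
		if err != nil || n < 0 {
			return v, fmt.Errorf("bad component %q in %q", p, s)
		}
		v.nums[i] = n
	}
	return v, nil
}

// less reports a < b: numeric components first, then a pre-release of the
// same number sorts below the final release (2.39.0-rc.1 < 2.39.0).
func less(a, b version) bool {
	for i := 0; i < 3; i++ {
		if a.nums[i] != b.nums[i] {
			return a.nums[i] < b.nums[i]
		}
	}
	return a.pre != "" && b.pre == ""
}

// IsAffected reports whether the deployed version of product is below the
// first fixed release named in the advisory. Products the advisory does not
// cover return an error rather than a silent "not affected".
func IsAffected(product, deployed string) (bool, error) {
	fixed, ok := fixedVersions[product]
	if !ok {
		return false, fmt.Errorf("product %q not covered by this advisory", product)
	}
	d, err := parseVersion(deployed)
	if err != nil {
		return false, err
	}
	f, err := parseVersion(fixed)
	if err != nil {
		return false, err
	}
	return less(d, f), nil
}

func main() {
	// Constructed sample inventory; these are not real deployments.
	inventory := map[string]string{"Diego": "v2.38.1", "CF Deployment": "12.2.0"}
	for product, ver := range inventory {
		affected, err := IsAffected(product, ver)
		if err != nil {
			fmt.Println(product, "error:", err)
			continue
		}
		fmt.Printf("%s %s affected=%v (fixed in %s)\n", product, ver, affected, fixedVersions[product])
	}
}
```

Because the check depends only on the version string, it can be run against output from a release inventory without access to the running foundation; extending `fixedVersions` with later advisories turns it into a small, auditable affected-version table.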

References

History

2019-11-11: Initial vulnerability report published.
