CVE-2018-1221 in Pivotal Software and Cloudfoundry Products
Published on March 19, 2018

In cf-deployment before 1.14.0 and routing-release before 0.172.0, the Cloud Foundry Gorouter mishandles WebSocket requests for AWS Application Load Balancers (ALBs) and some other HTTP-aware Load Balancers. A user with developer privileges could use this vulnerability to steal data or cause denial of service.

NVD

Products Associated with CVE-2018-1221

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2018-1221 are published in these products:

Pivotal Software Cf Deployment

Pivotal Software Routing Release

Cloudfoundry Cf Deployment

Cloudfoundry Routing Release

Affected Versions

Dell EMC The Cloud Foundry Gorouter:

Version cf-deployment - All versions prior to 1.14.0 is affected.
Version routing-release - All versions prior to 0.172.0 is affected.

Exploit Probability

EPSS

0.36%

Percentile

57.62%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2018-1221 in Pivotal Software and Cloudfoundry ProductsPublished on March 19, 2018

Products Associated with CVE-2018-1221

Affected Versions

Exploit Probability

CVE-2018-1221 in Pivotal Software and Cloudfoundry Products
Published on March 19, 2018