X-Forwarded-Proto Header Bypass Vulnerability in Cloud Foundry Routing-Release

X-Forwarded-Proto Header Bypass Vulnerability in Cloud Foundry Routing-Release

CVE-2018-1193 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

Cloud Foundry routing-release, versions prior to 0.175.0, lacks sanitization for user-provided X-Forwarded-Proto headers. A remote user can set the X-Forwarded-Proto header in a request to potentially bypass an application requirement to only respond over secure connections.

Learn more about our User Device Pen Test.