製品・ソフトウェアに関する情報

Vulnerability Search

ベンダー検索

Product/Service Search

JVN Vulnerability Search Top

->

JVN脆弱性詳細

Cloud Foundry Loggregator におけるエラー処理に関する脆弱性

Title	Cloud Foundry Loggregator におけるエラー処理に関する脆弱性
Summary	Cloud Foundry Loggregator には、エラー処理に関する脆弱性が存在します。
Possible impacts	サービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	June 5, 2018, midnight
Registration Date	Aug. 15, 2018, 4:13 p.m.
Last Update	Aug. 15, 2018, 4:13 p.m.

CVSS3.0 : 警告
Score	6.5
Vector	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS2.0 : 警告
Score	4
Vector	AV:N/AC:L/Au:S/C:N/I:N/A:P

Affected System

Cloud Foundry Foundation

Cloud Foundry Loggregator 101.9 未満の 101.x

Cloud Foundry Loggregator 102.2 未満の 102.x

Cloud Foundry Loggregator 89.5 未満の 89.x

Cloud Foundry Loggregator 96.1 未満の 96.x

Cloud Foundry Loggregator 99.1 未満の 99.x

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Cloud Foundry Foundation
1	CVE-2018-1269: Loggregator does not properly close some TCP connections	https://www.cloudfoundry.org/blog/cve-2018-1269/
Common Vulnerabilities and Exposures (CVE)
2	CVE-2018-1269	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1269
National Vulnerability Database (NVD)
3	CVE-2018-1269	https://nvd.nist.gov/vuln/detail/CVE-2018-1269

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-388	https://cwe.mitre.org/data/definitions/388.html

Change Log

No	Changed Details	Date of change
1	[2018年08月15日] 掲載	Aug. 15, 2018, 4:13 p.m.

NVD Vulnerability Information

CVE-2018-1269

Summary	Cloud Foundry Loggregator, versions 89.x prior to 89.5 or 96.x prior to 96.1 or 99.x prior to 99.1 or 101.x prior to 101.9 or 102.x prior to 102.2, does not handle errors thrown while constructing certain http requests. A remote authenticated user may construct malicious requests to cause the traffic controller to leave dangling TCP connections, which could cause denial of service.
Publication Date	June 7, 2018, 5:29 a.m.
Registration Date	March 1, 2021, 6:50 p.m.
Last Update	Nov. 21, 2024, 12:59 p.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:cloudfoundry:loggregator::::::::		89			89.5
cpe:2.3:a:cloudfoundry:loggregator::::::::		96			96.1
cpe:2.3:a:cloudfoundry:loggregator::::::::		99			99.1
cpe:2.3:a:cloudfoundry:loggregator::::::::		101			101.9
cpe:2.3:a:cloudfoundry:loggregator::::::::		102			102.2

Related information, measures and tools

No	URL	refsource	タグ
1	https://www.cloudfoundry.org/blog/cve-2018-1269		Third Party Advisory
2	https://www.cloudfoundry.org/blog/cve-2018-1269		Third Party Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-755	例外的な状態における不適切な処理	https://cwe.mitre.org/data/definitions/755.html