Cloud Foundry cf-deployment, versions prior to 7.9.0, contain Java components that use an insecure protocol to fetch dependencies when building. A remote unauthenticated malicious attacker could hijack the DNS entry for the dependency and inject malicious code into the component.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/108104 | Third Party Advisory VDB Entry |
https://www.cloudfoundry.org/blog/cve-2019-3801 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: dell
Published: 2019-04-25T00:00:00
Updated: 2019-04-30T13:06:03
Reserved: 2019-01-03T00:00:00
Link: CVE-2019-3801
NVD Information
Status: Analyzed
Published: 2019-04-25T21:29:00.823
Modified: 2021-10-29T19:45:32.623
Link: CVE-2019-3801
Redhat Information
No data.