A vulnerability was found in Cloud Foundry Stratos up to 2.2.x (Cloud Software) and classified as critical. This issue affects some unknown processing of the component Session Handler. The manipulation with an unknown input leads to a session fixiation vulnerability. Using CWE to declare the problem leads to CWE-384. Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions. Impacted is confidentiality, integrity, and availability. The summary by CVE is:

Cloud Foundry Stratos, versions prior to 2.3.0, contains an insecure session that can be spoofed. When deployed on cloud foundry with multiple instances using the default embedded SQLite database, a remote authenticated malicious user can switch sessions to another user with the same session id.

The bug was discovered 02/19/2019. The weakness was shared 03/07/2019 (Website). It is possible to read the advisory at cloudfoundry.org. The identification of this vulnerability is CVE-2019-3784 since 01/03/2019. The attack may be initiated remotely. Required for exploitation is a simple authentication. The technical details are unknown and an exploit is not publicly available.

The vulnerability was handled as a non-public zero-day exploit for at least 16 days. During that time the estimated underground price was around $0-$5k.

Upgrading to version 2.3.0 eliminates this vulnerability.

The entry 131458 is related to this item.

Productinfo

Type

• Cloud Software

Name

• Cloud Foundry Stratos

Version

• 2.0
• 2.1
• 2.2

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion