The OpenShift Enterprise 3 router does not properly sort routes when processing newly added routes. An attacker with access to create routes can potentially ove