CVE-2016-2165: Input Validation
First published: Thu May 25 2017(Updated: )
The Loggregator Traffic Controller endpoints in cf-release v231 and lower, Pivotal Elastic Runtime versions prior to 1.5.19 AND 1.6.x versions prior to 1.6.20 are not cleansing request URL paths when they are invalid and are returning them in the 404 response. This could allow malicious scripts to be written directly into the 404 response.
Credit: security_alert@emc.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cloudfoundry Cf-release | <=231 | |
| Pivotal Software Cloud Foundry Elastic Runtime | <=1.5.18 | |
| Pivotal Software Cloud Foundry Elastic Runtime | =1.6.0 | |
| Pivotal Software Cloud Foundry Elastic Runtime | =1.6.1 | |
| Pivotal Software Cloud Foundry Elastic Runtime | =1.6.2 | |
| Pivotal Software Cloud Foundry Elastic Runtime | =1.6.3 | |
| Pivotal Software Cloud Foundry Elastic Runtime | =1.6.4 | |
| Pivotal Software Cloud Foundry Elastic Runtime | =1.6.5 | |
| Pivotal Software Cloud Foundry Elastic Runtime | =1.6.6 | |
| Pivotal Software Cloud Foundry Elastic Runtime | =1.6.7 | |
| Pivotal Software Cloud Foundry Elastic Runtime | =1.6.8 | |
| Pivotal Software Cloud Foundry Elastic Runtime | =1.6.9 | |
| Pivotal Software Cloud Foundry Elastic Runtime | =1.6.10 | |
| Pivotal Software Cloud Foundry Elastic Runtime | =1.6.11 | |
| Pivotal Software Cloud Foundry Elastic Runtime | =1.6.12 | |
| Pivotal Software Cloud Foundry Elastic Runtime | =1.6.13 | |
| Pivotal Software Cloud Foundry Elastic Runtime | =1.6.14 | |
| Pivotal Software Cloud Foundry Elastic Runtime | =1.6.15 | |
| Pivotal Software Cloud Foundry Elastic Runtime | =1.6.16 | |
| Pivotal Software Cloud Foundry Elastic Runtime | =1.6.17 | |
| Pivotal Software Cloud Foundry Elastic Runtime | =1.6.18 | |
| Pivotal Software Cloud Foundry Elastic Runtime | =1.6.19 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/description
- agent/type
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/cloudfoundry
- canonical/cloudfoundry cf-release
- version/cloudfoundry cf-release/231
- vendor/pivotal software
- canonical/pivotal software cloud foundry elastic runtime
- version/pivotal software cloud foundry elastic runtime/1.5.18
- version/pivotal software cloud foundry elastic runtime/1.6.0
- version/pivotal software cloud foundry elastic runtime/1.6.1
- version/pivotal software cloud foundry elastic runtime/1.6.2
- version/pivotal software cloud foundry elastic runtime/1.6.3
- version/pivotal software cloud foundry elastic runtime/1.6.4
- version/pivotal software cloud foundry elastic runtime/1.6.5
- version/pivotal software cloud foundry elastic runtime/1.6.6
- version/pivotal software cloud foundry elastic runtime/1.6.7
- version/pivotal software cloud foundry elastic runtime/1.6.8
- version/pivotal software cloud foundry elastic runtime/1.6.9
- version/pivotal software cloud foundry elastic runtime/1.6.10
- version/pivotal software cloud foundry elastic runtime/1.6.11
- version/pivotal software cloud foundry elastic runtime/1.6.12
- version/pivotal software cloud foundry elastic runtime/1.6.13
- version/pivotal software cloud foundry elastic runtime/1.6.14
- version/pivotal software cloud foundry elastic runtime/1.6.15
- version/pivotal software cloud foundry elastic runtime/1.6.16
- version/pivotal software cloud foundry elastic runtime/1.6.17
- version/pivotal software cloud foundry elastic runtime/1.6.18
- version/pivotal software cloud foundry elastic runtime/1.6.19