CWE
20
Advisory Published
Updated

CVE-2016-8218: Input Validation

First published: Tue Jun 13 2017(Updated: )

An issue was discovered in Cloud Foundry Foundation routing-release versions prior to 0.142.0 and cf-release versions 203 to 231. Incomplete validation logic in JSON Web Token (JWT) libraries can allow unprivileged attackers to impersonate other users to the routing API, aka an "Unauthenticated JWT signing algorithm in routing" issue.

Credit: security_alert@emc.com

Affected SoftwareAffected VersionHow to fix
Cloudfoundry Cf-release<=203
Cloudfoundry Cf-release=204
Cloudfoundry Cf-release=205
Cloudfoundry Cf-release=206
Cloudfoundry Cf-release=207
Cloudfoundry Cf-release=208
Cloudfoundry Cf-release=209
Cloudfoundry Cf-release=210
Cloudfoundry Cf-release=211
Cloudfoundry Cf-release=212
Cloudfoundry Cf-release=213
Cloudfoundry Cf-release=214
Cloudfoundry Cf-release=215
Cloudfoundry Cf-release=217
Cloudfoundry Cf-release=218
Cloudfoundry Cf-release=219
Cloudfoundry Cf-release=220
Cloudfoundry Cf-release=221
Cloudfoundry Cf-release=222
Cloudfoundry Cf-release=223
Cloudfoundry Cf-release=224
Cloudfoundry Cf-release=225
Cloudfoundry Cf-release=226
Cloudfoundry Cf-release=227
Cloudfoundry Cf-release=228
Cloudfoundry Cf-release=229
Cloudfoundry Cf-release=230
Cloudfoundry Cf-release=231
Cloudfoundry Routing-release<=0.141.0

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203