
CVE-2016-2165

Published: May 25, 2017

Modified: Aug 5, 2024

PUBLISHED

Description

The Loggregator Traffic Controller endpoints in cf-release v231 and lower, Pivotal Elastic Runtime versions prior to 1.5.19, and 1.6.x versions prior to 1.6.20 do not cleanse invalid request URL paths and return them in the 404 response. This could allow malicious scripts to be written directly into the 404 response.
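
The flaw class described above, as an added Go example that is not taken from Loggregator or cf-release: a hypothetical 404 handler that reflects the request path into an HTML response, beside a hardened one that escapes it. The handler names, message text, HTML content type of the flawed handler and the sample path are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"html"
	"net/http"
	"net/http/httptest"
)

// reflecting404 models the flawed behaviour from the description: the
// invalid request path is copied into the 404 body unmodified.
// Hypothetical handler; serving it as text/html is an assumption.
func reflecting404(w http.ResponseWriter, r *http.Request) {
	w.Header().Set("Content-Type", "text/html; charset=utf-8")
	w.WriteHeader(http.StatusNotFound)
	fmt.Fprintf(w, "Resource Not Found: %s", r.URL.Path)
}

// escaped404 is the hardened form: the path is HTML-escaped, the body is
// declared as plain text, and MIME sniffing is disabled.
func escaped404(w http.ResponseWriter, r *http.Request) {
	w.Header().Set("Content-Type", "text/plain; charset=utf-8")
	w.Header().Set("X-Content-Type-Options", "nosniff")
	w.WriteHeader(http.StatusNotFound)
	fmt.Fprintf(w, "Resource Not Found: %s", html.EscapeString(r.URL.Path))
}

// probe sends one GET for path to h and returns status, Content-Type and body.
func probe(h http.HandlerFunc, path string) (int, string, string) {
	req := httptest.NewRequest(http.MethodGet, "http://example.invalid/", nil)
	req.URL.Path = path // constructed sample path, set directly to skip URL parsing
	rec := httptest.NewRecorder()
	h(rec, req)
	return rec.Code, rec.Header().Get("Content-Type"), rec.Body.String()
}

func main() {
	const sample = "/apps/<b>probe</b>" // constructed, harmless markup
	handlers := map[string]http.HandlerFunc{"reflecting": reflecting404, "escaped": escaped404}
	for name, h := range handlers {
		code, ctype, body := probe(h, sample)
		fmt.Printf("%-10s %d %-26s %q\n", name, code, ctype, body)
	}
}
```

The same probe can be pointed at a patched deployment's 404 responses in a regression test to confirm that markup in an unknown path comes back escaped.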

Vendor: Pivotal

Product: Cloud Foundry

Affected versions:
cf-release v231 and lower
Elastic Runtime versions prior to 1.5.19 AND 1.6.x versions prior to 1.6.20
