CVE-2016-0713

EPSS 0.24%
Veröffentlicht 31.08.2017 14:29:00
Zuletzt bearbeitet 20.04.2025 01:37:25
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

Gorouter in Cloud Foundry cf-release v141 through v228 allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks via vectors related to modified requests.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cloudfoundry ≫ Cf-release Version141

Cloudfoundry ≫ Cf-release Version142

Cloudfoundry ≫ Cf-release Version143

Cloudfoundry ≫ Cf-release Version144

Cloudfoundry ≫ Cf-release Version145

Cloudfoundry ≫ Cf-release Version146

Cloudfoundry ≫ Cf-release Version147

Cloudfoundry ≫ Cf-release Version148

Cloudfoundry ≫ Cf-release Version149

Cloudfoundry ≫ Cf-release Version150

Cloudfoundry ≫ Cf-release Version151

Cloudfoundry ≫ Cf-release Version152

Cloudfoundry ≫ Cf-release Version153

Cloudfoundry ≫ Cf-release Version154

Cloudfoundry ≫ Cf-release Version155

Cloudfoundry ≫ Cf-release Version156

Cloudfoundry ≫ Cf-release Version157

Cloudfoundry ≫ Cf-release Version158

Cloudfoundry ≫ Cf-release Version159

Cloudfoundry ≫ Cf-release Version160

Cloudfoundry ≫ Cf-release Version161

Cloudfoundry ≫ Cf-release Version162

Cloudfoundry ≫ Cf-release Version163

Cloudfoundry ≫ Cf-release Version164

Cloudfoundry ≫ Cf-release Version165

Cloudfoundry ≫ Cf-release Version166

Cloudfoundry ≫ Cf-release Version167

Cloudfoundry ≫ Cf-release Version168

Cloudfoundry ≫ Cf-release Version169

Cloudfoundry ≫ Cf-release Version170

Cloudfoundry ≫ Cf-release Version171

Cloudfoundry ≫ Cf-release Version172

Cloudfoundry ≫ Cf-release Version173

Cloudfoundry ≫ Cf-release Version174

Cloudfoundry ≫ Cf-release Version175

Cloudfoundry ≫ Cf-release Version176

Cloudfoundry ≫ Cf-release Version177

Cloudfoundry ≫ Cf-release Version178

Cloudfoundry ≫ Cf-release Version179

Cloudfoundry ≫ Cf-release Version180

Cloudfoundry ≫ Cf-release Version181

Cloudfoundry ≫ Cf-release Version182

Cloudfoundry ≫ Cf-release Version183

Cloudfoundry ≫ Cf-release Version184

Cloudfoundry ≫ Cf-release Version185

Cloudfoundry ≫ Cf-release Version186

Cloudfoundry ≫ Cf-release Version187

Cloudfoundry ≫ Cf-release Version188

Cloudfoundry ≫ Cf-release Version189

Cloudfoundry ≫ Cf-release Version190

Cloudfoundry ≫ Cf-release Version191

Cloudfoundry ≫ Cf-release Version192

Cloudfoundry ≫ Cf-release Version193

Cloudfoundry ≫ Cf-release Version194

Cloudfoundry ≫ Cf-release Version195

Cloudfoundry ≫ Cf-release Version196

Cloudfoundry ≫ Cf-release Version197

Cloudfoundry ≫ Cf-release Version198

Cloudfoundry ≫ Cf-release Version199

Cloudfoundry ≫ Cf-release Version200

Cloudfoundry ≫ Cf-release Version201

Cloudfoundry ≫ Cf-release Version202

Cloudfoundry ≫ Cf-release Version203

Cloudfoundry ≫ Cf-release Version204

Cloudfoundry ≫ Cf-release Version205

Cloudfoundry ≫ Cf-release Version206

Cloudfoundry ≫ Cf-release Version207

Cloudfoundry ≫ Cf-release Version208

Cloudfoundry ≫ Cf-release Version209

Cloudfoundry ≫ Cf-release Version210

Cloudfoundry ≫ Cf-release Version211

Cloudfoundry ≫ Cf-release Version212

Cloudfoundry ≫ Cf-release Version213

Cloudfoundry ≫ Cf-release Version214

Cloudfoundry ≫ Cf-release Version215

Cloudfoundry ≫ Cf-release Version216

Cloudfoundry ≫ Cf-release Version217

Cloudfoundry ≫ Cf-release Version218

Cloudfoundry ≫ Cf-release Version219

Cloudfoundry ≫ Cf-release Version220

Cloudfoundry ≫ Cf-release Version221

Cloudfoundry ≫ Cf-release Version222

Cloudfoundry ≫ Cf-release Version223

Cloudfoundry ≫ Cf-release Version224

Cloudfoundry ≫ Cf-release Version225

Cloudfoundry ≫ Cf-release Version226

Cloudfoundry ≫ Cf-release Version227

Cloudfoundry ≫ Cf-release Version228

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.24%	0.445

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.7	1.6	2.7	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
nvd@nist.gov	2.6	4.9	2.9	AV:N/AC:H/Au:N/C:N/I:P/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://bosh.io/releases/github.com/cloudfoundry/cf-release?version=229

Third Party Advisory

Release Notes

https://lists.cloudfoundry.org/archives/list/cf-dev%40lists.cloudfoundry.org/thread/VWDLUNTDKW5CW5JWEM5BOHLJ3J32TAFF/

https://nvd.nist.gov/vuln/detail/CVE-2016-0713

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-0713

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-0713

EUVD