← back
CVE-2016-2165

CVE-2016-2165

EPSS 0.9%
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS EPSS 0.9%KEV nãoPoC Patch
Lifecycle
25 May 2017Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The Loggregator Traffic Controller endpoints in cf-release v231 and lower, Pivotal Elastic Runtime versions prior to 1.5.19 AND 1.6.x versions prior to 1.6.20 are not cleansing request URL paths when they are invalid and are returning them in the 404 response. This could allow malicious scripts to be written directly into the 404 response.
Affected products
Pivotal · Cloud Foundry

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://pivotal.io/security/cve-2016-2165