PT-2017-8010 · Pivotal+1 · Pivotal Elastic Runtime+1
Publicado
2017-05-25
·
Atualizado
2021-08-25
·
CVE-2016-2165
CVSS v3.1
6.5
Média
| Vetor | AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Pivotal Elastic Runtime versions prior to 1.5.19
Pivotal Elastic Runtime versions 1.6.x prior to 1.6.20
cf-release versions prior to v231
Description
The issue concerns the Loggregator Traffic Controller endpoints, which are not properly cleansing request URL paths when they are invalid. As a result, these invalid paths are returned in the 404 response, potentially allowing malicious scripts to be injected directly into the response.
Recommendations
For Pivotal Elastic Runtime versions prior to 1.5.19, update to version 1.5.19 or later.
For Pivotal Elastic Runtime versions 1.6.x prior to 1.6.20, update to version 1.6.20 or later.
For cf-release versions prior to v231, update to version v231 or later.
Correção
RCE
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Pivotal Elastic Runtime
Cf-Release