Find out how we can help your digital transformation. Contact us to learn more.
CVE-2016-2165 Loggregator Request URL Paths
Cloud Foundry Foundation, Pivotal Cloud Foundry
- cf-release v231 and lower
- Pivotal Elastic Runtime versions prior to 1.5.19 AND 1.6.x versions prior to 1.6.20
The Loggregator Traffic Controller endpoints are not cleansing request URL paths when they are invalid and is returning them in the 404 response. This could allow malicious scripts to be written directly into the 404 response.
Users of affected versions should apply the following mitigation:
- Upgrade to cf-release v233  (cf-release v232 is not recommended for use)
- Upgrade Pivotal Elastic Runtime 1.5.x versions to 1.5.19 or later OR 1.6.x versions to 1.6.20 or later
IBM Security, CoreLogic
2016-Mar-23: Initial vulnerability report published