Vulnerability Details: CVE-2016-0713
Gorouter in Cloud Foundry cf-release v141 through v228 allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks via vectors related to modified requests.
Vulnerability category: Cross site scripting (XSS)
Products affected by CVE-2016-0713
- cpe:2.3:a:cloudfoundry:cf-release:224:*:*:*:*:*:*:*
- cpe:2.3:a:cloudfoundry:cf-release:223:*:*:*:*:*:*:*
- cpe:2.3:a:cloudfoundry:cf-release:222:*:*:*:*:*:*:*
- cpe:2.3:a:cloudfoundry:cf-release:221:*:*:*:*:*:*:*
- cpe:2.3:a:cloudfoundry:cf-release:207:*:*:*:*:*:*:*
- cpe:2.3:a:cloudfoundry:cf-release:206:*:*:*:*:*:*:*
- cpe:2.3:a:cloudfoundry:cf-release:205:*:*:*:*:*:*:*
- cpe:2.3:a:cloudfoundry:cf-release:204:*:*:*:*:*:*:*
- cpe:2.3:a:cloudfoundry:cf-release:191:*:*:*:*:*:*:*
- cpe:2.3:a:cloudfoundry:cf-release:190:*:*:*:*:*:*:*
- cpe:2.3:a:cloudfoundry:cf-release:189:*:*:*:*:*:*:*
- cpe:2.3:a:cloudfoundry:cf-release:188:*:*:*:*:*:*:*
- cpe:2.3:a:cloudfoundry:cf-release:187:*:*:*:*:*:*:*
- cpe:2.3:a:cloudfoundry:cf-release:174:*:*:*:*:*:*:*
- cpe:2.3:a:cloudfoundry:cf-release:173:*:*:*:*:*:*:*
- cpe:2.3:a:cloudfoundry:cf-release:172:*:*:*:*:*:*:*
- cpe:2.3:a:cloudfoundry:cf-release:171:*:*:*:*:*:*:*
- cpe:2.3:a:cloudfoundry:cf-release:157:*:*:*:*:*:*:*
- cpe:2.3:a:cloudfoundry:cf-release:156:*:*:*:*:*:*:*
- cpe:2.3:a:cloudfoundry:cf-release:155:*:*:*:*:*:*:*
- cpe:2.3:a:cloudfoundry:cf-release:154:*:*:*:*:*:*:*
- cpe:2.3:a:cloudfoundry:cf-release:216:*:*:*:*:*:*:*
- cpe:2.3:a:cloudfoundry:cf-release:215:*:*:*:*:*:*:*
- cpe:2.3:a:cloudfoundry:cf-release:214:*:*:*:*:*:*:*
- cpe:2.3:a:cloudfoundry:cf-release:213:*:*:*:*:*:*:*
- cpe:2.3:a:cloudfoundry:cf-release:199:*:*:*:*:*:*:*
- cpe:2.3:a:cloudfoundry:cf-release:198:*:*:*:*:*:*:*
- cpe:2.3:a:cloudfoundry:cf-release:197:*:*:*:*:*:*:*
- cpe:2.3:a:cloudfoundry:cf-release:196:*:*:*:*:*:*:*
- cpe:2.3:a:cloudfoundry:cf-release:182:*:*:*:*:*:*:*
- cpe:2.3:a:cloudfoundry:cf-release:181:*:*:*:*:*:*:*
- cpe:2.3:a:cloudfoundry:cf-release:180:*:*:*:*:*:*:*
- cpe:2.3:a:cloudfoundry:cf-release:179:*:*:*:*:*:*:*
- cpe:2.3:a:cloudfoundry:cf-release:166:*:*:*:*:*:*:*
- cpe:2.3:a:cloudfoundry:cf-release:165:*:*:*:*:*:*:*
- cpe:2.3:a:cloudfoundry:cf-release:164:*:*:*:*:*:*:*
- cpe:2.3:a:cloudfoundry:cf-release:163:*:*:*:*:*:*:*
- cpe:2.3:a:cloudfoundry:cf-release:162:*:*:*:*:*:*:*
- cpe:2.3:a:cloudfoundry:cf-release:149:*:*:*:*:*:*:*
- cpe:2.3:a:cloudfoundry:cf-release:148:*:*:*:*:*:*:*
- cpe:2.3:a:cloudfoundry:cf-release:147:*:*:*:*:*:*:*
- cpe:2.3:a:cloudfoundry:cf-release:146:*:*:*:*:*:*:*
- cpe:2.3:a:cloudfoundry:cf-release:227:*:*:*:*:*:*:*
- cpe:2.3:a:cloudfoundry:cf-release:225:*:*:*:*:*:*:*
- cpe:2.3:a:cloudfoundry:cf-release:220:*:*:*:*:*:*:*
- cpe:2.3:a:cloudfoundry:cf-release:218:*:*:*:*:*:*:*
- cpe:2.3:a:cloudfoundry:cf-release:211:*:*:*:*:*:*:*
- cpe:2.3:a:cloudfoundry:cf-release:209:*:*:*:*:*:*:*
- cpe:2.3:a:cloudfoundry:cf-release:202:*:*:*:*:*:*:*
- cpe:2.3:a:cloudfoundry:cf-release:200:*:*:*:*:*:*:*
- cpe:2.3:a:cloudfoundry:cf-release:195:*:*:*:*:*:*:*
- cpe:2.3:a:cloudfoundry:cf-release:193:*:*:*:*:*:*:*
- cpe:2.3:a:cloudfoundry:cf-release:186:*:*:*:*:*:*:*
- cpe:2.3:a:cloudfoundry:cf-release:184:*:*:*:*:*:*:*
- cpe:2.3:a:cloudfoundry:cf-release:177:*:*:*:*:*:*:*
- cpe:2.3:a:cloudfoundry:cf-release:175:*:*:*:*:*:*:*
- cpe:2.3:a:cloudfoundry:cf-release:170:*:*:*:*:*:*:*
- cpe:2.3:a:cloudfoundry:cf-release:168:*:*:*:*:*:*:*
- cpe:2.3:a:cloudfoundry:cf-release:161:*:*:*:*:*:*:*
- cpe:2.3:a:cloudfoundry:cf-release:159:*:*:*:*:*:*:*
- cpe:2.3:a:cloudfoundry:cf-release:152:*:*:*:*:*:*:*
- cpe:2.3:a:cloudfoundry:cf-release:150:*:*:*:*:*:*:*
- cpe:2.3:a:cloudfoundry:cf-release:145:*:*:*:*:*:*:*
- cpe:2.3:a:cloudfoundry:cf-release:143:*:*:*:*:*:*:*
- cpe:2.3:a:cloudfoundry:cf-release:141:*:*:*:*:*:*:*
- cpe:2.3:a:cloudfoundry:cf-release:228:*:*:*:*:*:*:*
- cpe:2.3:a:cloudfoundry:cf-release:226:*:*:*:*:*:*:*
- cpe:2.3:a:cloudfoundry:cf-release:219:*:*:*:*:*:*:*
- cpe:2.3:a:cloudfoundry:cf-release:217:*:*:*:*:*:*:*
- cpe:2.3:a:cloudfoundry:cf-release:212:*:*:*:*:*:*:*
- cpe:2.3:a:cloudfoundry:cf-release:210:*:*:*:*:*:*:*
- cpe:2.3:a:cloudfoundry:cf-release:208:*:*:*:*:*:*:*
- cpe:2.3:a:cloudfoundry:cf-release:203:*:*:*:*:*:*:*
- cpe:2.3:a:cloudfoundry:cf-release:201:*:*:*:*:*:*:*
- cpe:2.3:a:cloudfoundry:cf-release:194:*:*:*:*:*:*:*
- cpe:2.3:a:cloudfoundry:cf-release:192:*:*:*:*:*:*:*
- cpe:2.3:a:cloudfoundry:cf-release:185:*:*:*:*:*:*:*
- cpe:2.3:a:cloudfoundry:cf-release:183:*:*:*:*:*:*:*
- cpe:2.3:a:cloudfoundry:cf-release:178:*:*:*:*:*:*:*
- cpe:2.3:a:cloudfoundry:cf-release:176:*:*:*:*:*:*:*
- cpe:2.3:a:cloudfoundry:cf-release:169:*:*:*:*:*:*:*
- cpe:2.3:a:cloudfoundry:cf-release:167:*:*:*:*:*:*:*
- cpe:2.3:a:cloudfoundry:cf-release:160:*:*:*:*:*:*:*
- cpe:2.3:a:cloudfoundry:cf-release:158:*:*:*:*:*:*:*
- cpe:2.3:a:cloudfoundry:cf-release:153:*:*:*:*:*:*:*
- cpe:2.3:a:cloudfoundry:cf-release:151:*:*:*:*:*:*:*
- cpe:2.3:a:cloudfoundry:cf-release:144:*:*:*:*:*:*:*
- cpe:2.3:a:cloudfoundry:cf-release:142:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-0713
0.24%: probability of exploitation activity in the next 30 days
~44%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-0713
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.6 | LOW | AV:N/AC:H/Au:N/C:N/I:P/A:N | 4.9 | 2.9 | NIST | |
4.7 | MEDIUM | CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N | 1.6 | 2.7 | NIST | |
CWE ids for CVE-2016-0713
- The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-0713
- https://lists.cloudfoundry.org/archives/list/cf-dev@lists.cloudfoundry.org/thread/VWDLUNTDKW5CW5JWEM5BOHLJ3J32TAFF/
  cf-dev@lists.cloudfoundry.org | Home (Vendor Advisory)
- https://bosh.io/releases/github.com/cloudfoundry/cf-release?version=229
  Cloud Foundry BOSH (Release Notes; Third Party Advisory)