Vulnerability Details CVE-2016-2165
The Loggregator Traffic Controller endpoints in cf-release v231 and lower, Pivotal Elastic Runtime versions prior to 1.5.19 AND 1.6.x versions prior to 1.6.20 are not cleansing request URL paths when they are invalid and are returning them in the 404 response. This could allow malicious scripts to be written directly into the 404 response.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 48.8%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.3
Products affected by CVE-2016-2165
-
cpe:2.3:a:cloudfoundry:cf-release:100
-
cpe:2.3:a:cloudfoundry:cf-release:101
-
cpe:2.3:a:cloudfoundry:cf-release:102
-
cpe:2.3:a:cloudfoundry:cf-release:103
-
cpe:2.3:a:cloudfoundry:cf-release:104
-
cpe:2.3:a:cloudfoundry:cf-release:105
-
cpe:2.3:a:cloudfoundry:cf-release:106
-
cpe:2.3:a:cloudfoundry:cf-release:107
-
cpe:2.3:a:cloudfoundry:cf-release:108
-
cpe:2.3:a:cloudfoundry:cf-release:109
-
cpe:2.3:a:cloudfoundry:cf-release:110
-
cpe:2.3:a:cloudfoundry:cf-release:111
-
cpe:2.3:a:cloudfoundry:cf-release:112
-
cpe:2.3:a:cloudfoundry:cf-release:113
-
cpe:2.3:a:cloudfoundry:cf-release:114
-
cpe:2.3:a:cloudfoundry:cf-release:115
-
cpe:2.3:a:cloudfoundry:cf-release:116
-
cpe:2.3:a:cloudfoundry:cf-release:117
-
cpe:2.3:a:cloudfoundry:cf-release:118
-
cpe:2.3:a:cloudfoundry:cf-release:119
-
cpe:2.3:a:cloudfoundry:cf-release:120
-
cpe:2.3:a:cloudfoundry:cf-release:121
-
cpe:2.3:a:cloudfoundry:cf-release:122
-
cpe:2.3:a:cloudfoundry:cf-release:123
-
cpe:2.3:a:cloudfoundry:cf-release:124
-
cpe:2.3:a:cloudfoundry:cf-release:125
-
cpe:2.3:a:cloudfoundry:cf-release:126
-
cpe:2.3:a:cloudfoundry:cf-release:127
-
cpe:2.3:a:cloudfoundry:cf-release:128
-
cpe:2.3:a:cloudfoundry:cf-release:129
-
cpe:2.3:a:cloudfoundry:cf-release:130
-
cpe:2.3:a:cloudfoundry:cf-release:131
-
cpe:2.3:a:cloudfoundry:cf-release:132
-
cpe:2.3:a:cloudfoundry:cf-release:133
-
cpe:2.3:a:cloudfoundry:cf-release:134
-
cpe:2.3:a:cloudfoundry:cf-release:135
-
cpe:2.3:a:cloudfoundry:cf-release:136
-
cpe:2.3:a:cloudfoundry:cf-release:137
-
cpe:2.3:a:cloudfoundry:cf-release:138
-
cpe:2.3:a:cloudfoundry:cf-release:139
-
cpe:2.3:a:cloudfoundry:cf-release:140
-
cpe:2.3:a:cloudfoundry:cf-release:141
-
cpe:2.3:a:cloudfoundry:cf-release:142
-
cpe:2.3:a:cloudfoundry:cf-release:143
-
cpe:2.3:a:cloudfoundry:cf-release:144
-
cpe:2.3:a:cloudfoundry:cf-release:145
-
cpe:2.3:a:cloudfoundry:cf-release:146
-
cpe:2.3:a:cloudfoundry:cf-release:147
-
cpe:2.3:a:cloudfoundry:cf-release:148
-
cpe:2.3:a:cloudfoundry:cf-release:149
-
cpe:2.3:a:cloudfoundry:cf-release:150
-
cpe:2.3:a:cloudfoundry:cf-release:151
-
cpe:2.3:a:cloudfoundry:cf-release:152
-
cpe:2.3:a:cloudfoundry:cf-release:153
-
cpe:2.3:a:cloudfoundry:cf-release:154
-
cpe:2.3:a:cloudfoundry:cf-release:155
-
cpe:2.3:a:cloudfoundry:cf-release:156
-
cpe:2.3:a:cloudfoundry:cf-release:157
-
cpe:2.3:a:cloudfoundry:cf-release:158
-
cpe:2.3:a:cloudfoundry:cf-release:159
-
cpe:2.3:a:cloudfoundry:cf-release:160
-
cpe:2.3:a:cloudfoundry:cf-release:161
-
cpe:2.3:a:cloudfoundry:cf-release:162
-
cpe:2.3:a:cloudfoundry:cf-release:163
-
cpe:2.3:a:cloudfoundry:cf-release:164
-
cpe:2.3:a:cloudfoundry:cf-release:165
-
cpe:2.3:a:cloudfoundry:cf-release:166
-
cpe:2.3:a:cloudfoundry:cf-release:167
-
cpe:2.3:a:cloudfoundry:cf-release:168
-
cpe:2.3:a:cloudfoundry:cf-release:169
-
cpe:2.3:a:cloudfoundry:cf-release:170
-
cpe:2.3:a:cloudfoundry:cf-release:171
-
cpe:2.3:a:cloudfoundry:cf-release:172
-
cpe:2.3:a:cloudfoundry:cf-release:173
-
cpe:2.3:a:cloudfoundry:cf-release:174
-
cpe:2.3:a:cloudfoundry:cf-release:175
-
cpe:2.3:a:cloudfoundry:cf-release:176
-
cpe:2.3:a:cloudfoundry:cf-release:177
-
cpe:2.3:a:cloudfoundry:cf-release:178
-
cpe:2.3:a:cloudfoundry:cf-release:179
-
cpe:2.3:a:cloudfoundry:cf-release:180
-
cpe:2.3:a:cloudfoundry:cf-release:181
-
cpe:2.3:a:cloudfoundry:cf-release:182
-
cpe:2.3:a:cloudfoundry:cf-release:183
-
cpe:2.3:a:cloudfoundry:cf-release:184
-
cpe:2.3:a:cloudfoundry:cf-release:185
-
cpe:2.3:a:cloudfoundry:cf-release:186
-
cpe:2.3:a:cloudfoundry:cf-release:187
-
cpe:2.3:a:cloudfoundry:cf-release:188
-
cpe:2.3:a:cloudfoundry:cf-release:189
-
cpe:2.3:a:cloudfoundry:cf-release:190
-
cpe:2.3:a:cloudfoundry:cf-release:191
-
cpe:2.3:a:cloudfoundry:cf-release:192
-
cpe:2.3:a:cloudfoundry:cf-release:193
-
cpe:2.3:a:cloudfoundry:cf-release:194
-
cpe:2.3:a:cloudfoundry:cf-release:195
-
cpe:2.3:a:cloudfoundry:cf-release:196
-
cpe:2.3:a:cloudfoundry:cf-release:197
-
cpe:2.3:a:cloudfoundry:cf-release:198
-
cpe:2.3:a:cloudfoundry:cf-release:199
-
cpe:2.3:a:cloudfoundry:cf-release:200
-
cpe:2.3:a:cloudfoundry:cf-release:201
-
cpe:2.3:a:cloudfoundry:cf-release:202
-
cpe:2.3:a:cloudfoundry:cf-release:203
-
cpe:2.3:a:cloudfoundry:cf-release:204
-
cpe:2.3:a:cloudfoundry:cf-release:205
-
cpe:2.3:a:cloudfoundry:cf-release:206
-
cpe:2.3:a:cloudfoundry:cf-release:207
-
cpe:2.3:a:cloudfoundry:cf-release:208
-
cpe:2.3:a:cloudfoundry:cf-release:209
-
cpe:2.3:a:cloudfoundry:cf-release:210
-
cpe:2.3:a:cloudfoundry:cf-release:211
-
cpe:2.3:a:cloudfoundry:cf-release:212
-
cpe:2.3:a:cloudfoundry:cf-release:213
-
cpe:2.3:a:cloudfoundry:cf-release:214
-
cpe:2.3:a:cloudfoundry:cf-release:215
-
cpe:2.3:a:cloudfoundry:cf-release:216
-
cpe:2.3:a:cloudfoundry:cf-release:217
-
cpe:2.3:a:cloudfoundry:cf-release:218
-
cpe:2.3:a:cloudfoundry:cf-release:219
-
cpe:2.3:a:cloudfoundry:cf-release:220
-
cpe:2.3:a:cloudfoundry:cf-release:221
-
cpe:2.3:a:cloudfoundry:cf-release:222
-
cpe:2.3:a:cloudfoundry:cf-release:223
-
cpe:2.3:a:cloudfoundry:cf-release:224
-
cpe:2.3:a:cloudfoundry:cf-release:225
-
cpe:2.3:a:cloudfoundry:cf-release:226
-
cpe:2.3:a:cloudfoundry:cf-release:227
-
cpe:2.3:a:cloudfoundry:cf-release:228
-
cpe:2.3:a:cloudfoundry:cf-release:229
-
cpe:2.3:a:cloudfoundry:cf-release:230
-
cpe:2.3:a:cloudfoundry:cf-release:231
-
cpe:2.3:a:cloudfoundry:cf-release:68
-
cpe:2.3:a:cloudfoundry:cf-release:69
-
cpe:2.3:a:cloudfoundry:cf-release:70
-
cpe:2.3:a:cloudfoundry:cf-release:71
-
cpe:2.3:a:cloudfoundry:cf-release:72
-
cpe:2.3:a:cloudfoundry:cf-release:73
-
cpe:2.3:a:cloudfoundry:cf-release:74
-
cpe:2.3:a:cloudfoundry:cf-release:75
-
cpe:2.3:a:cloudfoundry:cf-release:76
-
cpe:2.3:a:cloudfoundry:cf-release:77
-
cpe:2.3:a:cloudfoundry:cf-release:78
-
cpe:2.3:a:cloudfoundry:cf-release:79
-
cpe:2.3:a:cloudfoundry:cf-release:80
-
cpe:2.3:a:cloudfoundry:cf-release:81
-
cpe:2.3:a:cloudfoundry:cf-release:82
-
cpe:2.3:a:cloudfoundry:cf-release:83
-
cpe:2.3:a:cloudfoundry:cf-release:84
-
cpe:2.3:a:cloudfoundry:cf-release:85
-
cpe:2.3:a:cloudfoundry:cf-release:86
-
cpe:2.3:a:cloudfoundry:cf-release:87
-
cpe:2.3:a:cloudfoundry:cf-release:88
-
cpe:2.3:a:cloudfoundry:cf-release:89
-
cpe:2.3:a:cloudfoundry:cf-release:90
-
cpe:2.3:a:cloudfoundry:cf-release:91
-
cpe:2.3:a:cloudfoundry:cf-release:92
-
cpe:2.3:a:cloudfoundry:cf-release:93
-
cpe:2.3:a:cloudfoundry:cf-release:94
-
cpe:2.3:a:cloudfoundry:cf-release:95
-
cpe:2.3:a:cloudfoundry:cf-release:96
-
cpe:2.3:a:cloudfoundry:cf-release:97
-
cpe:2.3:a:cloudfoundry:cf-release:98
-
cpe:2.3:a:cloudfoundry:cf-release:99
-
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.4.1
-
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.4.5
-
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.5.0
-
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.5.1
-
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.5.10
-
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.5.11
-
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.5.12
-
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.5.13
-
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.5.14
-
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.5.15
-
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.5.16
-
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.5.18
-
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.5.2
-
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.5.3
-
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.5.4
-
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.5.5
-
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.5.6
-
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.5.7
-
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.5.8
-
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.5.9
-
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.0
-
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.1
-
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.10
-
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.11
-
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.12
-
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.13
-
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.14
-
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.15
-
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.16
-
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.17
-
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.18
-
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.19
-
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.2
-
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.3
-
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.4
-
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.5
-
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.6
-
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.7
-
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.8
-
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.9