CVE-2016-0713

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2016-0713
Gorouter in Cloud Foundry cf-release v141 through v228 allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks via vectors related to modified requests.

4.7 /10

CVSS v3 : MEDIUM

V3 Legend

Vector : AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability : 1.6 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

2.6 /10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:N/AC:H/Au:N/C:N/I:P/A:N

Exploitability : 4.9 / Impact : 2.9

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References
Link Resource
https://bosh.io/releases/github.com/cloudfoundry/cf-release?version=229 Release Notes Third Party Advisory
https://lists.cloudfoundry.org/archives/list/cf-dev%40lists.cloudfoundry.org/thread/VWDLUNTDKW5CW5JWEM5BOHLJ3J32TAFF/
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:cloudfoundry:cf-release:141:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:142:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:143:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:144:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:145:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:146:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:147:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:148:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:149:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:150:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:151:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:152:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:153:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:154:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:155:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:156:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:157:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:158:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:159:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:160:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:161:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:162:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:163:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:164:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:165:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:166:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:167:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:168:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:169:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:170:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:171:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:172:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:173:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:174:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:175:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:176:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:177:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:178:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:179:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:180:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:181:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:182:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:183:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:184:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:185:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:186:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:187:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:188:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:189:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:190:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:191:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:192:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:193:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:194:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:195:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:196:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:197:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:198:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:199:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:200:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:201:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:202:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:203:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:204:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:205:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:206:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:207:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:208:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:209:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:210:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:211:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:212:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:213:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:214:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:215:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:216:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:217:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:218:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:219:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:220:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:221:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:222:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:223:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:224:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:225:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:226:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:227:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:228:*:*:*:*:*:*:*
History

07 Nov 2023, 02:29

Type Values Removed Values Added
References
  • {'url': 'https://lists.cloudfoundry.org/archives/list/cf-dev@lists.cloudfoundry.org/thread/VWDLUNTDKW5CW5JWEM5BOHLJ3J32TAFF/', 'name': '[cf-dev] 20160201 CVE-2016-0713 Gorouter XSS', 'tags': ['Vendor Advisory'], 'refsource': 'MLIST'}
  • () https://lists.cloudfoundry.org/archives/list/cf-dev%40lists.cloudfoundry.org/thread/VWDLUNTDKW5CW5JWEM5BOHLJ3J32TAFF/ -
Information

Published : 2017-08-31 14:29

Updated : 2023-12-10 12:15

NVD link : CVE-2016-0713

Mitre link : CVE-2016-0713

CVE.ORG link : CVE-2016-0713

JSON object : View

Products Affected

cloudfoundry

  • cf-release
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')