Request URL Path Exposure in Pivotal Elastic Runtime and Loggregator Traffic Controller
CVE-2016-2165
6.5 MEDIUM
What is CVE-2016-2165?
The Loggregator Traffic Controller in Pivotal Elastic Runtime prior to specific versions does not properly cleanse the request URL path of invalid requests. This flaw can inadvertently expose sensitive information in 404 error responses and can potentially allow malicious scripts to be inserted into the response. The vulnerability primarily affects cf-release versions up to v231, Elastic Runtime versions prior to 1.5.19, and 1.6.x versions before 1.6.20; affected deployments should be updated promptly.
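The class of flaw described above, shown as an added example that is not Loggregator's own code: a 404 handler that writes the raw request path into the response, beside a cleansed version, with a check that can be run against either. The handler names, the response message and the probe marker are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"html"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Constructed probe: harmless markup placed in an invalid path.
const marker = "<b>probe</b>"

// reflectingNotFound models the flawed pattern (hypothetical handler):
// the raw request path is written into an HTML 404 body.
func reflectingNotFound(w http.ResponseWriter, r *http.Request) {
	w.Header().Set("Content-Type", "text/html; charset=utf-8")
	w.WriteHeader(http.StatusNotFound)
	fmt.Fprintf(w, "Resource Not Found. %s", r.URL.Path)
}

// cleansedNotFound escapes the path, answers as plain text and
// disables content sniffing.
func cleansedNotFound(w http.ResponseWriter, r *http.Request) {
	w.Header().Set("Content-Type", "text/plain; charset=utf-8")
	w.Header().Set("X-Content-Type-Options", "nosniff")
	w.WriteHeader(http.StatusNotFound)
	fmt.Fprintf(w, "Resource Not Found. %s", html.EscapeString(r.URL.Path))
}

// reflectsRawPath requests an invalid path carrying the marker and reports
// the status code and whether the marker came back unescaped.
func reflectsRawPath(h http.HandlerFunc) (int, bool) {
	req := httptest.NewRequest(http.MethodGet, "/", nil)
	req.URL.Path = "/nosuch/" + marker
	rec := httptest.NewRecorder()
	h(rec, req)
	return rec.Code, strings.Contains(rec.Body.String(), marker)
}

func main() {
	for name, h := range map[string]http.HandlerFunc{
		"reflecting": reflectingNotFound, "cleansed": cleansedNotFound,
	} {
		code, raw := reflectsRawPath(h)
		fmt.Printf("%-10s status=%d raw path reflected=%v\n", name, code, raw)
	}
}
```

The same `reflectsRawPath` check works as a regression test for any 404 handler that includes request data in its body.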
Affected Version(s)
Cloud Foundry cf-release v231 and lower
Cloud Foundry Elastic Runtime versions prior to 1.5.19 AND 1.6.x versions prior to 1.6.20
