CVE-2016-0713

CVSS V2 Low 2.6 CVSS V3 Medium 4.7
Description
Gorouter in Cloud Foundry cf-release v141 through v228 allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks via vectors related to modified requests.
Overview
  • CVE ID
  • CVE-2016-0713
  • Assigner
  • secalert@redhat.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2017-08-31T14:29:00
  • Last Modified Date
  • 2017-09-05T18:48:55
Weakness Enumerations
CWE URL
CWE-79 http://cwe.mitre.org/data/definitions/79.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:cloudfoundry:cf-release:141:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cloudfoundry:cf-release:142:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cloudfoundry:cf-release:143:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cloudfoundry:cf-release:144:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cloudfoundry:cf-release:145:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cloudfoundry:cf-release:146:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cloudfoundry:cf-release:147:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cloudfoundry:cf-release:148:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cloudfoundry:cf-release:149:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cloudfoundry:cf-release:150:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cloudfoundry:cf-release:151:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cloudfoundry:cf-release:152:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cloudfoundry:cf-release:153:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cloudfoundry:cf-release:154:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cloudfoundry:cf-release:155:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cloudfoundry:cf-release:156:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cloudfoundry:cf-release:157:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cloudfoundry:cf-release:158:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cloudfoundry:cf-release:159:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cloudfoundry:cf-release:160:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cloudfoundry:cf-release:161:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cloudfoundry:cf-release:162:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cloudfoundry:cf-release:163:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cloudfoundry:cf-release:164:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cloudfoundry:cf-release:165:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cloudfoundry:cf-release:166:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cloudfoundry:cf-release:167:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cloudfoundry:cf-release:168:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cloudfoundry:cf-release:169:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cloudfoundry:cf-release:170:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cloudfoundry:cf-release:171:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cloudfoundry:cf-release:172:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cloudfoundry:cf-release:173:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cloudfoundry:cf-release:174:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cloudfoundry:cf-release:175:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cloudfoundry:cf-release:176:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cloudfoundry:cf-release:177:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cloudfoundry:cf-release:178:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cloudfoundry:cf-release:179:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cloudfoundry:cf-release:180:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cloudfoundry:cf-release:181:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cloudfoundry:cf-release:182:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cloudfoundry:cf-release:183:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cloudfoundry:cf-release:184:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cloudfoundry:cf-release:185:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cloudfoundry:cf-release:186:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cloudfoundry:cf-release:187:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cloudfoundry:cf-release:188:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cloudfoundry:cf-release:189:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cloudfoundry:cf-release:190:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cloudfoundry:cf-release:191:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cloudfoundry:cf-release:192:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cloudfoundry:cf-release:193:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cloudfoundry:cf-release:194:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cloudfoundry:cf-release:195:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cloudfoundry:cf-release:196:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cloudfoundry:cf-release:197:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cloudfoundry:cf-release:198:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cloudfoundry:cf-release:199:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cloudfoundry:cf-release:200:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cloudfoundry:cf-release:201:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cloudfoundry:cf-release:202:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cloudfoundry:cf-release:203:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cloudfoundry:cf-release:204:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cloudfoundry:cf-release:205:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cloudfoundry:cf-release:206:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cloudfoundry:cf-release:207:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cloudfoundry:cf-release:208:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cloudfoundry:cf-release:209:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cloudfoundry:cf-release:210:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cloudfoundry:cf-release:211:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cloudfoundry:cf-release:212:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cloudfoundry:cf-release:213:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cloudfoundry:cf-release:214:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cloudfoundry:cf-release:215:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cloudfoundry:cf-release:216:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cloudfoundry:cf-release:217:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cloudfoundry:cf-release:218:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cloudfoundry:cf-release:219:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cloudfoundry:cf-release:220:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cloudfoundry:cf-release:221:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cloudfoundry:cf-release:222:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cloudfoundry:cf-release:223:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cloudfoundry:cf-release:224:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cloudfoundry:cf-release:225:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cloudfoundry:cf-release:226:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cloudfoundry:cf-release:227:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cloudfoundry:cf-release:228:*:*:*:*:*:*:* 1 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:H/Au:N/C:N/I:P/A:N
  • Access Vector
  • NETWORK
  • Access Compatibility
  • HIGH
  • Authentication
  • NONE
  • Confidentiality Impact
  • NONE
  • Integrity Impact
  • PARTIAL
  • Availability Impact
  • NONE
  • Base Score
  • 2.6
  • Severity
  • LOW
  • Exploitability Score
  • 4.9
  • Impact Score
  • 2.9
CVSS Version 3
  • Version
  • 3.0
  • Vector String
  • CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
  • Attack Vector
  • NETWORK
  • Attack Compatibility
  • HIGH
  • Privileges Required
  • NONE
  • User Interaction
  • REQUIRED
  • Scope
  • CHANGED
  • Confidentiality Impact
  • LOW
  • Availability Impact
  • NONE
  • Base Score
  • 4.7
  • Base Severity
  • MEDIUM
  • Exploitability Score
  • 1.6
  • Impact Score
  • 2.7
References
Reference URL Reference Tags
https://lists.cloudfoundry.org/archives/list/cf-dev@lists.cloudfoundry.org/thread/VWDLUNTDKW5CW5JWEM5BOHLJ3J32TAFF/ Vendor Advisory
https://bosh.io/releases/github.com/cloudfoundry/cf-release?version=229 Release Notes Third Party Advisory
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2016-0713
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0713
History
Created Old Value New Value Data Type Notes
2022-05-10 08:40:54 Added to TrackCVE
2022-12-02 20:30:36 2017-08-31T14:29Z 2017-08-31T14:29:00 CVE Published Date updated
2022-12-02 20:30:36 2017-09-05T18:48:55 CVE Modified Date updated
2022-12-02 20:30:36 Analyzed Vulnerability Status updated