[SECURITY][MEDIUM] CVE-2016-2165 - Loggregator Request URL Paths

Chip Childers <cchilders@...>

CVE-2016-2165 - Loggregator Request URL Paths
Severity

Medium
Vendor

Cloud Foundry Foundation
Versions Affected

- cf-release v231 and lower

Description

The Loggregator Traffic Controller endpoints do not sanitize invalid request
URL paths and return them verbatim in the 404 response. This could allow
malicious scripts to be written directly into the 404 response.
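The pattern the advisory describes is a 404 handler that copies the request path into the response body without escaping it. The following Go snippet is an added illustration written for this page, not Loggregator's or cf-release's own code: `vulnerableNotFound` shows the unsafe pattern, `hardenedNotFound` the usual fix (escape the path and serve it as plain text with `nosniff`), and `renderNotFound` drives either handler with an in-memory request so the two bodies can be compared. The handler names and the probe path `/<i>probe</i>` are constructed for the example.

```go
package main

import (
	"fmt"
	"html"
	"io"
	"net/http"
	"net/http/httptest"
)

// vulnerableNotFound reflects the raw request path into an HTML 404 body.
// Illustrative only (constructed for this example, not the project's code):
// whatever markup is in the path is interpreted by the browser as markup.
func vulnerableNotFound(w http.ResponseWriter, r *http.Request) {
	w.Header().Set("Content-Type", "text/html; charset=utf-8")
	w.WriteHeader(http.StatusNotFound)
	fmt.Fprintf(w, "<html><body>Resource not found: %s</body></html>\n", r.URL.Path)
}

// hardenedNotFound HTML-escapes the path and uses http.Error, which serves the
// body as text/plain and sets X-Content-Type-Options: nosniff, so the path is
// treated as data rather than as markup even if it is echoed back.
func hardenedNotFound(w http.ResponseWriter, r *http.Request) {
	msg := "Resource not found: " + html.EscapeString(r.URL.Path)
	http.Error(w, msg, http.StatusNotFound)
}

// renderNotFound runs a handler against an in-memory request for path and
// returns the status code, Content-Type header and body for inspection.
func renderNotFound(h http.HandlerFunc, path string) (int, string, string) {
	req := httptest.NewRequest(http.MethodGet, path, nil)
	rec := httptest.NewRecorder()
	h(rec, req)
	res := rec.Result()
	defer res.Body.Close()
	body, _ := io.ReadAll(res.Body)
	return res.StatusCode, res.Header.Get("Content-Type"), string(body)
}

func main() {
	// Constructed probe path containing harmless markup.
	probe := "/<i>probe</i>"
	for name, h := range map[string]http.HandlerFunc{
		"vulnerable": vulnerableNotFound,
		"hardened":   hardenedNotFound,
	} {
		code, ct, body := renderNotFound(h, probe)
		fmt.Printf("%s: %d %s\n%s", name, code, ct, body)
	}
}
```

In the vulnerable output the `<i>` tags survive intact inside an `text/html` body; in the hardened output they arrive as `&lt;i&gt;` in a `text/plain` body, which is the property a regression test for this class of issue should assert on.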
Mitigation

- Upgrade to cf-release v233 [1] (cf-release v232 is not recommended for use)

Credit

IBM Security, Corelogic
References

[1] https://github.com/cloudfoundry/cf-release/releases/tag/v233
History

2016-Mar-23: Initial vulnerability report published
