CVE-2016-2165 in Elastic Runtimeinfo

Summary

The Loggregator Traffic Controller endpoints in cf-release v231 and lower, Pivotal Elastic Runtime versions prior to 1.5.19 AND 1.6.x versions prior to 1.6.20 are not cleansing request URL paths when they are invalid and are returning them in the 404 response. This could allow malicious scripts to be written directly into the 404 response.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Reservation

01/29/2016

Disclosure

05/25/2017

Moderation

VulDB entry created

Entries

VDB-101777 (1)

CPE

ready

CWE

CWE-20 (Confirmed)

CVSS

5.4

EPSS

0.00255

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2016-2165
NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-2165
CVE Details	https://www.cvedetails.com/cve/CVE-2016-2165/

◂ Previous Overview Next ▸

Interested in the pricing of exploits?

See the underground prices here!