CVE-2016-2169

Published: Apr 18, 2018Modified: Nov 21, 2024

5.3

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

Cloud Foundry Cloud Controller, capi-release versions prior to 1.0.0 and cf-release versions prior to v237, contain a business logic flaw. An application developer may create an application with a route that conflicts with a platform service route and receive traffic intended for the service.

Affected (2)

Products: Cloudfoundry: Capi Release, Cf Release

2 products

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Cloudfoundry Capi Release	Before 1.0.0

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cloudfoundry Cf Release	Before 237

Running on/with	Platform Versions
Cloudfoundry Cloud Controller	All versions

Related CWEs

References (2)

https://github.com/cloudfoundry/cloud_controller_ng/issues/568

Source: security_alert@emc.com

Third Party Advisory

https://github.com/cloudfoundry/cloud_controller_ng/issues/568

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.