Medium
Cloud Foundry Foundation, VMware Cloud Foundry
The Loggregator Traffic Controller endpoints are not cleansing request URL paths when they are invalid and is returning them in the 404 response. This could allow malicious scripts to be written directly into the 404 response.
Users of affected versions should apply the following mitigation:
IBM Security, CoreLogic
History
2016-Mar-23: Initial vulnerability report published to pivotal.io
2017-Sep-09: Initial vulnerability report published to cloudfoundry.org