3 matches found
CVE-2016-0708
CVE-2016-0708 affects Cloud Foundry deployments using the Cloud Foundry Java Buildpack (versions 2.0–3.4). Vulnerable when apps are staged with automatic buildpack detection, pass the Java Buildpack detection script, and serve static content from the deployed artifact; the default Tomcat configur...
CVE-2016-0713
The CVE-2016-0713 entry applies to Cloud Foundry Gorouter in cf-release versions 141–228, where a cross-site scripting (XSS) vulnerability can be exploited when an attacker modifies requests, enabling potential MITM-like behavior and unauthorized operations. Publicly documented impact is XSS via ...
CVE-2016-8218
CVE-2016-8218 affects Cloud Foundry’s routing-release (versions prior to 0.142.0) and cf-release (203–231). The issue is incomplete validation in JSON Web Token (JWT) libraries, enabling unprivileged attackers to impersonate other users to the routing API. Remediation: upgrade routing-release to ...