3 matches found
CVE-2016-2165
CVE-2016-2165 affects Cloud Foundry cf-release legacy branches: cf-release v231 and older, plus Pivotal Elastic Runtime versions before 1.5.19 and 1.6.x before 1.6.20. The Loggregator Traffic Controller endpoints do not cleanse invalid request URL paths, and these paths are echoed in 404 response...
CVE-2016-0780
CVE-2016-0780 affects cf-release v231 and earlier and Pivotal Cloud Foundry Elastic Runtime: 1.5.x versions before 1.5.17 and 1.6.x versions before 1.6.18. The root cause is improper enforcement of disk quotas, allowing an attacker to use an incorrect quota value to bypass enforcement and exhaust...
CVE-2016-8218
CVE-2016-8218 affects Cloud Foundry’s routing-release (versions prior to 0.142.0) and cf-release (203–231). The issue is incomplete validation in JSON Web Token (JWT) libraries, enabling unprivileged attackers to impersonate other users to the routing API. Remediation: upgrade routing-release to ...