What is CVE-2016-2165?

CVE-2016-2165 is a medium-severity vulnerability in Cloudfoundry Cf-release, classified under Improper Input Validation. CVSS score: 6.5/10. Published 2017-05-25.

How severe is CVE-2016-2165?

Medium severity. CVSS v3 base score is 6.5 out of 10.

Improper input validation in Cloudfoundry Cf-release

CVE-2016-2165

The Loggregator Traffic Controller endpoints in cf-release v231 and lower, Pivotal Elastic Runtime versions prior to 1.5.19 AND 1.6.x versions prior to 1.6.20 are not cleansing request URL paths when they are invalid and are returning them…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.003 (49.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N.

Affected products

Cloudfoundry Cf-release
Pivotal Cloud Foundry — versions Elastic Runtime versions prior to 1.5.19 AND 1.6.x versions prior to 1.6.20, cf-release v231 and lower
Pivotal_software Cloud_foundry_elastic_runtime — versions 1.6.0, 1.6.1, 1.6.2

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

security_alert@emc.com (x_refsource_CONFIRM, Vendor Advisory)

Frequently asked questions

What is CVE-2016-2165?: CVE-2016-2165 is a medium-severity vulnerability in Cloudfoundry Cf-release, classified under Improper Input Validation. CVSS score: 6.5/10. Published 2017-05-25.
How severe is CVE-2016-2165?: Medium severity. CVSS v3 base score is 6.5 out of 10.