CVE-2016-2169 — MEDIUM (5.3)

Q: How severe is CVE-2016-2169?

CVE-2016-2169 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2016-2169?

Check the references section above for vendor advisories and patch information. Affected products include: Cloudfoundry Capi-Release, Cloudfoundry Cloud Controller, Cloudfoundry Cf-Release.

Vulnerability Description

Cloud Foundry Cloud Controller, capi-release versions prior to 1.0.0 and cf-release versions prior to v237, contain a business logic flaw. An application developer may create an application with a route that conflicts with a platform service route and receive traffic intended for the service.

CVSS Score

5.3

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Cloudfoundry	Capi-Release	< 1.0.0
Cloudfoundry	Cloud Controller	-
Cloudfoundry	Cf-Release	< 237

Related Weaknesses (CWE)

CWE-17

References

https://github.com/cloudfoundry/cloud_controller_ng/issues/568Third Party Advisory
https://github.com/cloudfoundry/cloud_controller_ng/issues/568Third Party Advisory

FAQ

What is CVE-2016-2169?

CVE-2016-2169 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Cloud Foundry Cloud Controller, capi-release versions prior to 1.0.0 and cf-release versions prior to v237, contain a business logic flaw. An application developer may create an application with a rou...

How severe is CVE-2016-2169?

CVE-2016-2169 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-2169?

Check the references section above for vendor advisories and patch information. Affected products include: Cloudfoundry Capi-Release, Cloudfoundry Cloud Controller, Cloudfoundry Cf-Release.