CVE-2016-0713
CVE Descriptions
CVE Informations
Related Weaknesses
| Weakness Name | Source | |
|---|---|---|
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Metrics
| Metrics | Score | Severity | CVSS Vector | Source |
|---|---|---|---|---|
| V3.0 | 4.7 | MEDIUM |
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
More informations
Base: Exploitabilty MetricsThe Exploitability metrics reflect the characteristics of the thing that is vulnerable, which we refer to formally as the vulnerable component. Attack Vector This metric reflects the context by which vulnerability exploitation is possible. Network A vulnerability exploitable with network access means the vulnerable component is bound to the network stack and the attacker's path is through OSI layer 3 (the network layer). Such a vulnerability is often termed 'remotely exploitable' and can be thought of as an attack being exploitable one or more network hops away (e.g. across layer 3 boundaries from routers). Attack Complexity This metric describes the conditions beyond the attacker's control that must exist in order to exploit the vulnerability. High A successful attack depends on conditions beyond the attacker's control. That is, a successful attack cannot be accomplished at will, but requires the attacker to invest in some measurable amount of effort in preparation or execution against the vulnerable component before a successful attack can be expected. Privileges Required This metric describes the level of privileges an attacker must possess before successfully exploiting the vulnerability. None The attacker is unauthorized prior to attack, and therefore does not require any access to settings or files to carry out an attack. User Interaction This metric captures the requirement for a user, other than the attacker, to participate in the successful compromise of the vulnerable component. Required Successful exploitation of this vulnerability requires a user to take some action before the vulnerability can be exploited. For example, a successful exploit may only be possible during the installation of an application by a system administrator. Base: Scope MetricsAn important property captured by CVSS v3.0 is the ability for a vulnerability in one software component to impact resources beyond its means, or privileges. Scope Formally, Scope refers to the collection of privileges defined by a computing authority (e.g. an application, an operating system, or a sandbox environment) when granting access to computing resources (e.g. files, CPU, memory, etc). These privileges are assigned based on some method of identification and authorization. In some cases, the authorization may be simple or loosely controlled based upon predefined rules or standards. For example, in the case of Ethernet traffic sent to a network switch, the switch accepts traffic that arrives on its ports and is an authority that controls the traffic flow to other switch ports. Changed An exploited vulnerability can affect resources beyond the authorization privileges intended by the vulnerable component. In this case the vulnerable component and the impacted component are different. Base: Impact MetricsThe Impact metrics refer to the properties of the impacted component. Confidentiality Impact This metric measures the impact to the confidentiality of the information resources managed by a software component due to a successfully exploited vulnerability. Low There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is constrained. The information disclosure does not cause a direct, serious loss to the impacted component. Integrity Impact This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Low Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is constrained. The data modification does not have a direct, serious impact on the impacted component. Availability Impact This metric measures the impact to the availability of the impacted component resulting from a successfully exploited vulnerability. None There is no impact to availability within the impacted component. Temporal MetricsThe Temporal metrics measure the current state of exploit techniques or code availability, the existence of any patches or workarounds, or the confidence that one has in the description of a vulnerability. Environmental Metrics |
nvd@nist.gov |
| V2 | 2.6 | AV:N/AC:H/Au:N/C:N/I:P/A:N | nvd@nist.gov |
EPSS
EPSS Score
EPSS Percentile
Products Mentioned
Configuraton 0
Cloudfoundry>>Cf-release >> Version 141
- Cloudfoundry>>Cf-release >> Version 141 (Open CPE detail)
Cloudfoundry>>Cf-release >> Version 142
- Cloudfoundry>>Cf-release >> Version 142 (Open CPE detail)
Cloudfoundry>>Cf-release >> Version 143
- Cloudfoundry>>Cf-release >> Version 143 (Open CPE detail)
Cloudfoundry>>Cf-release >> Version 144
- Cloudfoundry>>Cf-release >> Version 144 (Open CPE detail)
Cloudfoundry>>Cf-release >> Version 145
- Cloudfoundry>>Cf-release >> Version 145 (Open CPE detail)
Cloudfoundry>>Cf-release >> Version 146
- Cloudfoundry>>Cf-release >> Version 146 (Open CPE detail)
Cloudfoundry>>Cf-release >> Version 147
- Cloudfoundry>>Cf-release >> Version 147 (Open CPE detail)
- Cloudfoundry>>Cf-release >> Version 147 (Open CPE detail)
- Cloudfoundry>>Cf-release >> Version 147 (Open CPE detail)
- Cloudfoundry>>Cf-release >> Version 147 (Open CPE detail)
Cloudfoundry>>Cf-release >> Version 148
- Cloudfoundry>>Cf-release >> Version 148 (Open CPE detail)
Cloudfoundry>>Cf-release >> Version 149
- Cloudfoundry>>Cf-release >> Version 149 (Open CPE detail)
Cloudfoundry>>Cf-release >> Version 150
- Cloudfoundry>>Cf-release >> Version 150 (Open CPE detail)
Cloudfoundry>>Cf-release >> Version 151
- Cloudfoundry>>Cf-release >> Version 151 (Open CPE detail)
Cloudfoundry>>Cf-release >> Version 152
- Cloudfoundry>>Cf-release >> Version 152 (Open CPE detail)
Cloudfoundry>>Cf-release >> Version 153
- Cloudfoundry>>Cf-release >> Version 153 (Open CPE detail)
Cloudfoundry>>Cf-release >> Version 154
- Cloudfoundry>>Cf-release >> Version 154 (Open CPE detail)
Cloudfoundry>>Cf-release >> Version 155
- Cloudfoundry>>Cf-release >> Version 155 (Open CPE detail)
Cloudfoundry>>Cf-release >> Version 156
- Cloudfoundry>>Cf-release >> Version 156 (Open CPE detail)
Cloudfoundry>>Cf-release >> Version 157
- Cloudfoundry>>Cf-release >> Version 157 (Open CPE detail)
Cloudfoundry>>Cf-release >> Version 158
- Cloudfoundry>>Cf-release >> Version 158 (Open CPE detail)
Cloudfoundry>>Cf-release >> Version 159
- Cloudfoundry>>Cf-release >> Version 159 (Open CPE detail)
Cloudfoundry>>Cf-release >> Version 160
- Cloudfoundry>>Cf-release >> Version 160 (Open CPE detail)
Cloudfoundry>>Cf-release >> Version 161
- Cloudfoundry>>Cf-release >> Version 161 (Open CPE detail)
Cloudfoundry>>Cf-release >> Version 162
- Cloudfoundry>>Cf-release >> Version 162 (Open CPE detail)
Cloudfoundry>>Cf-release >> Version 163
- Cloudfoundry>>Cf-release >> Version 163 (Open CPE detail)
Cloudfoundry>>Cf-release >> Version 164
- Cloudfoundry>>Cf-release >> Version 164 (Open CPE detail)
Cloudfoundry>>Cf-release >> Version 165
- Cloudfoundry>>Cf-release >> Version 165 (Open CPE detail)
Cloudfoundry>>Cf-release >> Version 166
- Cloudfoundry>>Cf-release >> Version 166 (Open CPE detail)
Cloudfoundry>>Cf-release >> Version 167
- Cloudfoundry>>Cf-release >> Version 167 (Open CPE detail)
Cloudfoundry>>Cf-release >> Version 168
- Cloudfoundry>>Cf-release >> Version 168 (Open CPE detail)
Cloudfoundry>>Cf-release >> Version 169
- Cloudfoundry>>Cf-release >> Version 169 (Open CPE detail)
Cloudfoundry>>Cf-release >> Version 170
- Cloudfoundry>>Cf-release >> Version 170 (Open CPE detail)
Cloudfoundry>>Cf-release >> Version 171
- Cloudfoundry>>Cf-release >> Version 171 (Open CPE detail)
Cloudfoundry>>Cf-release >> Version 172
- Cloudfoundry>>Cf-release >> Version 172 (Open CPE detail)
Cloudfoundry>>Cf-release >> Version 173
- Cloudfoundry>>Cf-release >> Version 173 (Open CPE detail)
Cloudfoundry>>Cf-release >> Version 174
- Cloudfoundry>>Cf-release >> Version 174 (Open CPE detail)
Cloudfoundry>>Cf-release >> Version 175
- Cloudfoundry>>Cf-release >> Version 175 (Open CPE detail)
Cloudfoundry>>Cf-release >> Version 176
- Cloudfoundry>>Cf-release >> Version 176 (Open CPE detail)
Cloudfoundry>>Cf-release >> Version 177
- Cloudfoundry>>Cf-release >> Version 177 (Open CPE detail)
Cloudfoundry>>Cf-release >> Version 178
- Cloudfoundry>>Cf-release >> Version 178 (Open CPE detail)
Cloudfoundry>>Cf-release >> Version 179
- Cloudfoundry>>Cf-release >> Version 179 (Open CPE detail)
Cloudfoundry>>Cf-release >> Version 180
- Cloudfoundry>>Cf-release >> Version 180 (Open CPE detail)
Cloudfoundry>>Cf-release >> Version 181
- Cloudfoundry>>Cf-release >> Version 181 (Open CPE detail)
Cloudfoundry>>Cf-release >> Version 182
- Cloudfoundry>>Cf-release >> Version 182 (Open CPE detail)
Cloudfoundry>>Cf-release >> Version 183
- Cloudfoundry>>Cf-release >> Version 183 (Open CPE detail)
Cloudfoundry>>Cf-release >> Version 184
- Cloudfoundry>>Cf-release >> Version 184 (Open CPE detail)
Cloudfoundry>>Cf-release >> Version 185
- Cloudfoundry>>Cf-release >> Version 185 (Open CPE detail)
Cloudfoundry>>Cf-release >> Version 186
- Cloudfoundry>>Cf-release >> Version 186 (Open CPE detail)
Cloudfoundry>>Cf-release >> Version 187
- Cloudfoundry>>Cf-release >> Version 187 (Open CPE detail)
Cloudfoundry>>Cf-release >> Version 188
- Cloudfoundry>>Cf-release >> Version 188 (Open CPE detail)
Cloudfoundry>>Cf-release >> Version 189
- Cloudfoundry>>Cf-release >> Version 189 (Open CPE detail)
Cloudfoundry>>Cf-release >> Version 190
- Cloudfoundry>>Cf-release >> Version 190 (Open CPE detail)
Cloudfoundry>>Cf-release >> Version 191
- Cloudfoundry>>Cf-release >> Version 191 (Open CPE detail)
Cloudfoundry>>Cf-release >> Version 192
- Cloudfoundry>>Cf-release >> Version 192 (Open CPE detail)
Cloudfoundry>>Cf-release >> Version 193
- Cloudfoundry>>Cf-release >> Version 193 (Open CPE detail)
Cloudfoundry>>Cf-release >> Version 194
- Cloudfoundry>>Cf-release >> Version 194 (Open CPE detail)
Cloudfoundry>>Cf-release >> Version 195
- Cloudfoundry>>Cf-release >> Version 195 (Open CPE detail)
Cloudfoundry>>Cf-release >> Version 196
- Cloudfoundry>>Cf-release >> Version 196 (Open CPE detail)
Cloudfoundry>>Cf-release >> Version 197
- Cloudfoundry>>Cf-release >> Version 197 (Open CPE detail)
Cloudfoundry>>Cf-release >> Version 198
- Cloudfoundry>>Cf-release >> Version 198 (Open CPE detail)
Cloudfoundry>>Cf-release >> Version 199
- Cloudfoundry>>Cf-release >> Version 199 (Open CPE detail)
Cloudfoundry>>Cf-release >> Version 200
- Cloudfoundry>>Cf-release >> Version 200 (Open CPE detail)
Cloudfoundry>>Cf-release >> Version 201
- Cloudfoundry>>Cf-release >> Version 201 (Open CPE detail)
Cloudfoundry>>Cf-release >> Version 202
- Cloudfoundry>>Cf-release >> Version 202 (Open CPE detail)
Cloudfoundry>>Cf-release >> Version 203
- Cloudfoundry>>Cf-release >> Version 203 (Open CPE detail)
Cloudfoundry>>Cf-release >> Version 204
- Cloudfoundry>>Cf-release >> Version 204 (Open CPE detail)
Cloudfoundry>>Cf-release >> Version 205
- Cloudfoundry>>Cf-release >> Version 205 (Open CPE detail)
Cloudfoundry>>Cf-release >> Version 206
- Cloudfoundry>>Cf-release >> Version 206 (Open CPE detail)
Cloudfoundry>>Cf-release >> Version 207
- Cloudfoundry>>Cf-release >> Version 207 (Open CPE detail)
Cloudfoundry>>Cf-release >> Version 208
- Cloudfoundry>>Cf-release >> Version 208 (Open CPE detail)
Cloudfoundry>>Cf-release >> Version 209
- Cloudfoundry>>Cf-release >> Version 209 (Open CPE detail)
Cloudfoundry>>Cf-release >> Version 210
- Cloudfoundry>>Cf-release >> Version 210 (Open CPE detail)
Cloudfoundry>>Cf-release >> Version 211
- Cloudfoundry>>Cf-release >> Version 211 (Open CPE detail)
Cloudfoundry>>Cf-release >> Version 212
- Cloudfoundry>>Cf-release >> Version 212 (Open CPE detail)
Cloudfoundry>>Cf-release >> Version 213
- Cloudfoundry>>Cf-release >> Version 213 (Open CPE detail)
Cloudfoundry>>Cf-release >> Version 214
- Cloudfoundry>>Cf-release >> Version 214 (Open CPE detail)
Cloudfoundry>>Cf-release >> Version 215
- Cloudfoundry>>Cf-release >> Version 215 (Open CPE detail)
Cloudfoundry>>Cf-release >> Version 216
- Cloudfoundry>>Cf-release >> Version 216 (Open CPE detail)
Cloudfoundry>>Cf-release >> Version 217
- Cloudfoundry>>Cf-release >> Version 217 (Open CPE detail)
Cloudfoundry>>Cf-release >> Version 218
- Cloudfoundry>>Cf-release >> Version 218 (Open CPE detail)
Cloudfoundry>>Cf-release >> Version 219
- Cloudfoundry>>Cf-release >> Version 219 (Open CPE detail)
Cloudfoundry>>Cf-release >> Version 220
- Cloudfoundry>>Cf-release >> Version 220 (Open CPE detail)
Cloudfoundry>>Cf-release >> Version 221
- Cloudfoundry>>Cf-release >> Version 221 (Open CPE detail)
Cloudfoundry>>Cf-release >> Version 222
- Cloudfoundry>>Cf-release >> Version 222 (Open CPE detail)
Cloudfoundry>>Cf-release >> Version 223
- Cloudfoundry>>Cf-release >> Version 223 (Open CPE detail)
Cloudfoundry>>Cf-release >> Version 224
- Cloudfoundry>>Cf-release >> Version 224 (Open CPE detail)
Cloudfoundry>>Cf-release >> Version 225
- Cloudfoundry>>Cf-release >> Version 225 (Open CPE detail)
Cloudfoundry>>Cf-release >> Version 226
- Cloudfoundry>>Cf-release >> Version 226 (Open CPE detail)
Cloudfoundry>>Cf-release >> Version 227
- Cloudfoundry>>Cf-release >> Version 227 (Open CPE detail)
Cloudfoundry>>Cf-release >> Version 228
- Cloudfoundry>>Cf-release >> Version 228 (Open CPE detail)
References
Tags : mailing-list, x_refsource_MLIST
