CVE-2016-0928

Опубликовано: 18 сент. 2016

Источник: nvd

CVSS3: 7.4

CVSS2: 5.8

EPSS Низкий

Описание

Multiple open redirect vulnerabilities in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.30 and 1.7.x before 1.7.8 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

Ссылки

http://www.securityfocus.com/bid/91550
https://pivotal.io/security/cve-2016-0928
Vendor Advisory
http://www.securityfocus.com/bid/91550
https://pivotal.io/security/cve-2016-0928
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:pivotal:cloud_foundry_elastic_runtime:*:*:*:*:*:*:*:*

Версия до 1.6.29 (включая)

cpe:2.3:a:pivotal:cloud_foundry_elastic_runtime:1.7.0:*:*:*:*:*:*:*

cpe:2.3:a:pivotal:cloud_foundry_elastic_runtime:1.7.1:*:*:*:*:*:*:*

cpe:2.3:a:pivotal:cloud_foundry_elastic_runtime:1.7.2:*:*:*:*:*:*:*

cpe:2.3:a:pivotal:cloud_foundry_elastic_runtime:1.7.3:*:*:*:*:*:*:*

cpe:2.3:a:pivotal:cloud_foundry_elastic_runtime:1.7.4:*:*:*:*:*:*:*

cpe:2.3:a:pivotal:cloud_foundry_elastic_runtime:1.7.5:*:*:*:*:*:*:*

cpe:2.3:a:pivotal:cloud_foundry_elastic_runtime:1.7.6:*:*:*:*:*:*:*

cpe:2.3:a:pivotal:cloud_foundry_elastic_runtime:1.7.7:*:*:*:*:*:*:*

EPSS

Процентиль: 44%

0.00217

Низкий

7.4 High

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-601

Связанные уязвимости

GHSA-56mx-v8hf-v789