{"id":"CVE-2016-0713","details":"Gorouter in Cloud Foundry cf-release v141 through v228 allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks via vectors related to modified requests.","modified":"2026-04-10T03:46:50.420529Z","published":"2017-08-31T14:29:00.197Z","references":[{"type":"WEB","url":"https://lists.cloudfoundry.org/archives/list/cf-dev%40lists.cloudfoundry.org/thread/VWDLUNTDKW5CW5JWEM5BOHLJ3J32TAFF/"},{"type":"ADVISORY","url":"https://bosh.io/releases/github.com/cloudfoundry/cf-release?version=229"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/cloudfoundry/cf-release","events":[{"introduced":"0"},{"last_affected":"77fbfd29487448f680b2b630953547c75fe4f0cc"},{"introduced":"0"},{"last_affected":"9431ed0335c253393a64f09236aaca494150522b"},{"introduced":"0"},{"last_affected":"ba2cf62515e3a90f767d2375a520c988eb171dea"},{"introduced":"0"},{"last_affected":"fdb031c9cd605366d57a1d7f41727b16b09a50dc"},{"introduced":"0"},{"last_affected":"121623ca1d3f5b6ab0257db6bb311c83fde9252f"},{"introduced":"0"},{"last_affected":"f4fcea1c7b78f20fcf2b74465e7dd9efba89ce6b"},{"introduced":"0"},{"last_affected":"aac36688cbab8465f58fc8229d53c3fe16750b6c"},{"introduced":"0"},{"last_affected":"29b857fb9dc9bfb7fd2df9f422341c6e02940859"},{"introduced":"0"},{"last_affected":"8769e1d5876a56b2cb7d061bcb5b8236186d9696"},{"introduced":"0"},{"last_affected":"f1dd764236b6286eca1478c7fe3292039ee7e79f"},{"introduced":"0"},{"last_affected":"b9d69ec1603285ebd8253860db4dd905b02a6757"},{"introduced":"0"},{"last_affected":"448073200c4a261d9f4ad8abf843e64cbdc78ee0"},{"introduced":"0"},{"last_affected":"1589ac0bbf450213b5d1ef99857254fdbbbdd691"},{"introduced":"0"},{"last_affected":"c271ccecca359f0168d37db1b4b56d4fba75bbb0"},{"introduced":"0"},{"last_affected":"31a8e6a4a7633457a78d6aef1d8fc2616f511279"},{"introduced":"0"},{"last_affected":"80770c1c3fae27501874fd44238fd639069dfcce"},{"introduced":"0"},{"last_affected":"23f41020690502a361874fb19b08e49667980358"},{"introduced":"0"},{"last_affected":"0cea297d2a246ec2d448811a8ffd7bf63001d2cc"},{"introduced":"0"},{"last_affected":"a226fd78e971b26985b8121130bb8876acd3391a"},{"introduced":"0"},{"last_affected":"95b140ffe01d88bd8d93436d393fa39d38ccd25c"},{"introduced":"0"},{"last_affected":"844d0a4b5e65645f7d94cb7715c0958bd7ba3188"},{"introduced":"0"},{"last_affected":"00b824383898335a0acbf49402fe5eb27cadddbf"},{"introduced":"0"},{"last_affected":"fd7bc709bcee094f471d6a7a59befdc7a6cb51c9"},{"introduced":"0"},{"last_affected":"8b361c3dfb2607f1341dfd652ae1ca72f25ad00d"},{"introduced":"0"},{"last_affected":"d6df4d489b7a6d2712532977b911ffcf217f5a18"},{"introduced":"0"},{"last_affected":"24ffd14d661658a5bd069bbeb25ed6d0d29bcac1"},{"introduced":"0"},{"last_affected":"98356a845c97678a8faeb32c9c46c7127440ba30"},{"introduced":"0"},{"last_affected":"9b05799ab89ffe0440987aaea1a94d09db26888c"},{"introduced":"0"},{"last_affected":"d6d8e8ac2876e0a7645fbb4be4b583ec1e1b40b2"},{"introduced":"0"},{"last_affected":"dfb2520c26f9aca056e013040bb5262042ccc7cf"},{"introduced":"0"},{"last_affected":"d0a80720b571bfe1a7ad9f22b6cd932b3c244c73"},{"introduced":"0"},{"last_affected":"c4dfff2fe703fd05c4a9044b492d8e4abfb4ac6b"},{"introduced":"0"},{"last_affected":"b97e00f50a1548ea71bdf76aa56398d23ed3f760"},{"introduced":"0"},{"last_affected":"f5a27813aaebb47bf090dcc29f23e99199326886"},{"introduced":"0"},{"last_affected":"8cf35826fe6cc1c193d9ecf4bd0fa6fae4c5cba9"},{"introduced":"0"},{"last_affected":"90e80fe9a6e4ba55c7e0fbec6d902a645e1574d2"},{"introduced":"0"},{"last_affected":"64cc15337b5ecee229272602be8aa13ee14a447d"},{"introduced":"0"},{"last_affected":"2852495ef4d0cf5848eae0f71fe0e16a38349cab"},{"introduced":"0"},{"last_affected":"a0b7f4d930d6a693de37be4fd013ca2096acd740"},{"introduced":"0"},{"last_affected":"3fda6ac4aa6ae27cb522e79fbeb55bcaedbcf3b9"},{"introduced":"0"},{"last_affected":"fc13751443a98783643f968191a4989de740c377"},{"introduced":"0"},{"last_affected":"f7d7ad3c01e6bc7b9127e8ca9df37aa82063338a"},{"introduced":"0"},{"last_affected":"82b43aa87269b2815fb3fd2057dd82129e1ffab5"},{"introduced":"0"},{"last_affected":"cb0ba42b9de448c923326fa25ba7cac62b9b220f"},{"introduced":"0"},{"last_affected":"bca1eea880402a3ee9e2f4c497f93b144411b361"},{"introduced":"0"},{"last_affected":"8f534935053364c5ad1b1319535251c20958a9fb"},{"introduced":"0"},{"last_affected":"efa275af0fe9cd04adb285fb61a8fcfd728aebd0"},{"introduced":"0"},{"last_affected":"73f5a0ce403706dc4c9624721ad3f0084492dbb7"},{"introduced":"0"},{"last_affected":"345a8b3e1ea0005a3e9fced13f0bf6fa6f7ad981"},{"introduced":"0"},{"last_affected":"28fc12324e81d921e501b07c1afdc220fbdb70c8"},{"introduced":"0"},{"last_affected":"25d378be9ec97df49e93b9779b906767ddab4f3e"},{"introduced":"0"},{"last_affected":"3b0b31d0dba09d8fb8303b4d9ae1709cd25c5c5d"},{"introduced":"0"},{"last_affected":"0cbf393bc954a0c4efa89584400caffd3a180cc2"},{"introduced":"0"},{"last_affected":"b31131ad980ac397d327ead58fe12f74dfd90521"},{"introduced":"0"},{"last_affected":"87bc638f438b99c219985635b79f534ae2d78ddd"},{"introduced":"0"},{"last_affected":"1b69dcc845e3701fdc5346205e3e4eb661cec322"},{"introduced":"0"},{"last_affected":"962d606ab8260f25af2c7ef335bd74b9e18a7169"},{"introduced":"0"},{"last_affected":"7f7d1158e8f1cdc99d8c6292951d5dcb0e3ddbae"},{"introduced":"0"},{"last_affected":"15ead65649b3a1e8e1b8db7930c81d3c5875b582"},{"introduced":"0"},{"last_affected":"ee8d52f5dc2a525b6b376c1b4928eddbd9daa1f0"},{"introduced":"0"},{"last_affected":"2531223427ab48624a6251eb4011cb74d5a442d9"},{"introduced":"0"},{"last_affected":"afbe01cecc67fc4fe45a1a7cfc774fc2baa25d6c"},{"introduced":"0"},{"last_affected":"6003f780fffc7e2e4dcf9ba76dc20a7bde65583c"},{"introduced":"0"},{"last_affected":"92af12278feea4e52e92229e3c256543bf2af19f"},{"introduced":"0"},{"last_affected":"9334295133435fa77767651030500d2b0de62611"},{"introduced":"0"},{"last_affected":"2121dc6405e0f036efa4dba963f7f49b07e76ffa"},{"introduced":"0"},{"last_affected":"b30e0fd53e3b4cccc0f0f42b03cd556122c70fbd"},{"introduced":"0"},{"last_affected":"2b8fcf9e7c45bdfdda3a7b2cef6e7739bce99439"},{"introduced":"0"},{"last_affected":"758e3ce9f67c7c1995231c5fb11ab26201d6ac55"},{"introduced":"0"},{"last_affected":"5fa14702bca4d36d1fdc7241c63d0b3e40dcbe90"},{"introduced":"0"},{"last_affected":"fdc188e64859ea1cd91b237b7abf3ee929fc8252"},{"introduced":"0"},{"last_affected":"5fd76c798be025101915912171ab80f85516968f"},{"introduced":"0"},{"last_affected":"11a07541fc3cc296516efde4b303b9f67498d394"},{"introduced":"0"},{"last_affected":"6793254b0a2a5b861000c7fe9d001a3e7dbc0796"},{"introduced":"0"},{"last_affected":"ce5a011be5cbc0f1d962e8910531542e773f117c"},{"introduced":"0"},{"last_affected":"e4eb9f4bb337f552fdc20df0220f662bcf5d62d9"},{"introduced":"0"},{"last_affected":"ebd045ff661302117b0c42e28d5770d1b742015f"},{"introduced":"0"},{"last_affected":"55e40e21dfa39aa2726724e14c51c93c7df5542b"},{"introduced":"0"},{"last_affected":"545c1f95dc1cce46cc6d2f2ccbe6510f2693ff7c"},{"introduced":"0"},{"last_affected":"5de34b6a1327e26dfc427989c4ae2c0c9302b719"},{"introduced":"0"},{"last_affected":"baa394224fc5780f641d86d97e833575ada2094b"},{"introduced":"0"},{"last_affected":"a7ead1d4e639153828a5add54ca16a0b45c9e22b"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"141"},{"introduced":"0"},{"last_affected":"142"},{"introduced":"0"},{"last_affected":"143"},{"introduced":"0"},{"last_affected":"144"},{"introduced":"0"},{"last_affected":"145"},{"introduced":"0"},{"last_affected":"146"},{"introduced":"0"},{"last_affected":"147"},{"introduced":"0"},{"last_affected":"148"},{"introduced":"0"},{"last_affected":"149"},{"introduced":"0"},{"last_affected":"150"},{"introduced":"0"},{"last_affected":"151"},{"introduced":"0"},{"last_affected":"152"},{"introduced":"0"},{"last_affected":"153"},{"introduced":"0"},{"last_affected":"154"},{"introduced":"0"},{"last_affected":"155"},{"introduced":"0"},{"last_affected":"156"},{"introduced":"0"},{"last_affected":"157"},{"introduced":"0"},{"last_affected":"158"},{"introduced":"0"},{"last_affected":"159"},{"introduced":"0"},{"last_affected":"160"},{"introduced":"0"},{"last_affected":"161"},{"introduced":"0"},{"last_affected":"162"},{"introduced":"0"},{"last_affected":"163"},{"introduced":"0"},{"last_affected":"164"},{"introduced":"0"},{"last_affected":"165"},{"introduced":"0"},{"last_affected":"166"},{"introduced":"0"},{"last_affected":"168"},{"introduced":"0"},{"last_affected":"169"},{"introduced":"0"},{"last_affected":"170"},{"introduced":"0"},{"last_affected":"171"},{"introduced":"0"},{"last_affected":"172"},{"introduced":"0"},{"last_affected":"173"},{"introduced":"0"},{"last_affected":"175"},{"introduced":"0"},{"last_affected":"176"},{"introduced":"0"},{"last_affected":"177"},{"introduced":"0"},{"last_affected":"178"},{"introduced":"0"},{"last_affected":"179"},{"introduced":"0"},{"last_affected":"180"},{"introduced":"0"},{"last_affected":"182"},{"introduced":"0"},{"last_affected":"183"},{"introduced":"0"},{"last_affected":"186"},{"introduced":"0"},{"last_affected":"187"},{"introduced":"0"},{"last_affected":"188"},{"introduced":"0"},{"last_affected":"189"},{"introduced":"0"},{"last_affected":"190"},{"introduced":"0"},{"last_affected":"191"},{"introduced":"0"},{"last_affected":"192"},{"introduced":"0"},{"last_affected":"193"},{"introduced":"0"},{"last_affected":"194"},{"introduced":"0"},{"last_affected":"195"},{"introduced":"0"},{"last_affected":"196"},{"introduced":"0"},{"last_affected":"197"},{"introduced":"0"},{"last_affected":"198"},{"introduced":"0"},{"last_affected":"199"},{"introduced":"0"},{"last_affected":"200"},{"introduced":"0"},{"last_affected":"201"},{"introduced":"0"},{"last_affected":"202"},{"introduced":"0"},{"last_affected":"203"},{"introduced":"0"},{"last_affected":"204"},{"introduced":"0"},{"last_affected":"205"},{"introduced":"0"},{"last_affected":"206"},{"introduced":"0"},{"last_affected":"207"},{"introduced":"0"},{"last_affected":"208"},{"introduced":"0"},{"last_affected":"209"},{"introduced":"0"},{"last_affected":"210"},{"introduced":"0"},{"last_affected":"211"},{"introduced":"0"},{"last_affected":"212"},{"introduced":"0"},{"last_affected":"213"},{"introduced":"0"},{"last_affected":"214"},{"introduced":"0"},{"last_affected":"215"},{"introduced":"0"},{"last_affected":"217"},{"introduced":"0"},{"last_affected":"218"},{"introduced":"0"},{"last_affected":"219"},{"introduced":"0"},{"last_affected":"220"},{"introduced":"0"},{"last_affected":"221"},{"introduced":"0"},{"last_affected":"222"},{"introduced":"0"},{"last_affected":"223"},{"introduced":"0"},{"last_affected":"224"},{"introduced":"0"},{"last_affected":"225"},{"introduced":"0"},{"last_affected":"226"},{"introduced":"0"},{"last_affected":"227"},{"introduced":"0"},{"last_affected":"228"}]}}],"versions":["-","list","log","rc145.0","scotty_09012012","v","v100","v102","v103","v104","v105","v109","v119","v132","v133","v134","v135","v136","v137","v140","v141","v142","v143","v144","v145","v146","v147","v148","v149","v150","v151","v152","v153","v154","v155","v156","v157","v158","v159","v160","v161","v162","v163","v164","v165","v166","v168","v169","v170","v171","v172","v173","v175","v176","v177","v178","v179","v180","v182","v183","v186","v187","v188","v189","v190","v191","v192","v193","v194","v195","v196","v197","v198","v199","v200","v201","v202","v203","v204","v205","v206","v207","v208","v209","v210","v211","v212","v213","v214","v215","v217","v218","v219","v220","v221","v222","v223","v224","v225","v226","v227","v228","v99","works-for-us"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-0713.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"167"}]},{"events":[{"introduced":"0"},{"last_affected":"174"}]},{"events":[{"introduced":"0"},{"last_affected":"181"}]},{"events":[{"introduced":"0"},{"last_affected":"184"}]},{"events":[{"introduced":"0"},{"last_affected":"185"}]},{"events":[{"introduced":"0"},{"last_affected":"216"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}