VYPR
← All advisories
Medium severity4.7OSV Advisory· Published Aug 31, 2017· Updated May 13, 2026

CVE-2016-0713

CVE-2016-0713

Description

Gorouter in Cloud Foundry cf-release v141 through v228 allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks via vectors related to modified requests.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Man-in-the-middle attackers can conduct cross-site scripting (XSS) attacks on Cloud Foundry Gorouter by injecting malicious code into modified requests, affecting cf-release v141 through v228.

Vulnerability

Gorouter in Cloud Foundry cf-release versions v141 through v228 is vulnerable to cross-site scripting (XSS) via man-in-the-middle attacks. A malicious intermediary that can modify requests from a client to the router can inject arbitrary code, which is then executed on the client's operating system [1].

Exploitation

An attacker must have a man-in-the-middle position between the client and Gorouter to intercept and modify requests. No authentication or user interaction is required beyond the attacker's ability to tamper with network traffic. The attacker modifies the request to include malicious script code [1].

Impact

Successful exploitation results in arbitrary code execution within the context of the client's operating system, allowing the attacker to perform actions such as stealing cookies, redirecting to malicious sites, or further compromising the client. According to the advisory, this vulnerability does not pose a risk for penetration of Cloud Foundry system components or hosted applications [1].

Mitigation

The vulnerability is fixed in cf-release v229, released on January 22, 2016. Cloud Foundry deployments using Gorouter should upgrade to v229 or later. No workarounds are documented [1].

References
  1. Cloud Foundry BOSH

AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

90
  • Cloudfoundry/Cf ReleaseOSV90 versions
    -, list, log, …+ 89 more
    • (no CPE)range: -, list, log, …
    • cpe:2.3:a:cloudfoundry:cf-release:141:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudfoundry:cf-release:142:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudfoundry:cf-release:143:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudfoundry:cf-release:144:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudfoundry:cf-release:145:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudfoundry:cf-release:146:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudfoundry:cf-release:147:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudfoundry:cf-release:148:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudfoundry:cf-release:149:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudfoundry:cf-release:150:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudfoundry:cf-release:151:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudfoundry:cf-release:152:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudfoundry:cf-release:153:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudfoundry:cf-release:154:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudfoundry:cf-release:155:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudfoundry:cf-release:156:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudfoundry:cf-release:157:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudfoundry:cf-release:158:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudfoundry:cf-release:159:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudfoundry:cf-release:160:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudfoundry:cf-release:161:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudfoundry:cf-release:162:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudfoundry:cf-release:163:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudfoundry:cf-release:164:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudfoundry:cf-release:165:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudfoundry:cf-release:166:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudfoundry:cf-release:167:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudfoundry:cf-release:168:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudfoundry:cf-release:169:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudfoundry:cf-release:170:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudfoundry:cf-release:171:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudfoundry:cf-release:172:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudfoundry:cf-release:173:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudfoundry:cf-release:174:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudfoundry:cf-release:175:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudfoundry:cf-release:176:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudfoundry:cf-release:177:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudfoundry:cf-release:178:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudfoundry:cf-release:179:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudfoundry:cf-release:180:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudfoundry:cf-release:181:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudfoundry:cf-release:182:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudfoundry:cf-release:183:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudfoundry:cf-release:184:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudfoundry:cf-release:185:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudfoundry:cf-release:186:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudfoundry:cf-release:187:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudfoundry:cf-release:188:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudfoundry:cf-release:189:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudfoundry:cf-release:190:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudfoundry:cf-release:191:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudfoundry:cf-release:192:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudfoundry:cf-release:193:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudfoundry:cf-release:194:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudfoundry:cf-release:195:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudfoundry:cf-release:196:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudfoundry:cf-release:197:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudfoundry:cf-release:198:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudfoundry:cf-release:199:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudfoundry:cf-release:200:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudfoundry:cf-release:201:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudfoundry:cf-release:202:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudfoundry:cf-release:203:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudfoundry:cf-release:204:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudfoundry:cf-release:205:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudfoundry:cf-release:206:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudfoundry:cf-release:207:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudfoundry:cf-release:208:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudfoundry:cf-release:209:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudfoundry:cf-release:210:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudfoundry:cf-release:211:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudfoundry:cf-release:212:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudfoundry:cf-release:213:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudfoundry:cf-release:214:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudfoundry:cf-release:215:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudfoundry:cf-release:216:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudfoundry:cf-release:217:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudfoundry:cf-release:218:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudfoundry:cf-release:219:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudfoundry:cf-release:220:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudfoundry:cf-release:221:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudfoundry:cf-release:222:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudfoundry:cf-release:223:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudfoundry:cf-release:224:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudfoundry:cf-release:225:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudfoundry:cf-release:226:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudfoundry:cf-release:227:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudfoundry:cf-release:228:*:*:*:*:*:*:*
    • (no CPE)range: >= v141 <= v228

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

2

News mentions

0

No linked articles in our index yet.