CVE-2016-0708

Published on: 07/11/2018 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:14 PM UTC

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Certain versions of Cf-release from Cloudfoundry contain the following vulnerability:

Applications deployed to Cloud Foundry, versions v166 through v227, may be vulnerable to a remote disclosure of information, including, but not limited to, environment variables and bound service details. For applications to be vulnerable, they must have been staged using automatic buildpack detection, passed through the Java Buildpack detection script, and allow the serving of static content from within the deployed artifact. The default Apache Tomcat configuration in the affected Java Buildpack versions is vulnerable to this issue for some basic web application archive (WAR) packaged applications.

  • CVE-2016-0708 has been assigned by [email protected] to track the vulnerability - currently rated as MEDIUM severity.
  • Affected Vendor/Software: Cloud Foundry - Cloud Foundry versions v166 through v227

CVSS3 Score: 5.9 - MEDIUM

  • Attack Vector: NETWORK
  • Attack Complexity: HIGH
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: NONE
  • Availability Impact: NONE

CVSS2 Score: 4.3 - MEDIUM

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: NONE

CVE References

  • Description: CVE-2016-0708 Remote Information Disclosure | Cloud Foundry
  • Tags: Mitigation, Vendor Advisory
  • Link: CONFIRM www.cloudfoundry.org/blog/cve-2016-0708/ (text/html)

Known Affected Configurations (CPE V2.3)

Type | Vendor | Product | Version | Update | Edition | Language
Application | Cloudfoundry | Cf-release | All | All | All | All
Application | Cloudfoundry | Java Buildpack | All | All | All | All
  • cpe:2.3:a:cloudfoundry:cf-release:*:*:*:*:*:*:*:*:
  • cpe:2.3:a:cloudfoundry:java_buildpack:*:*:*:*:*:*:*:*: