CVE-2016-0715

Published on: 09/11/2018 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:12 PM UTC

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Certain versions of Cloud Foundry Elastic Runtime from Pivotal Software contain the following vulnerability:

Pivotal Cloud Foundry Elastic Runtime version 1.4.0 through 1.4.5, 1.5.0 through 1.5.11 and 1.6.0 through 1.6.11 is vulnerable to a remote information disclosure. It was found that original mitigation configuration instructions provided as part of CVE-2016-0708 were incomplete and could leave PHP Buildpack, Staticfile Buildpack and potentially other custom Buildpack applications vulnerable to remote information disclosure. Affected applications use automated buildpack detection, serve files directly from the root of the application and have a buildpack that matched after the Java Buildpack in the system buildpack priority when Java Buildpack versions 2.0 through 3.4 were present.

  • CVE-2016-0715 has been assigned by [email protected] to track the vulnerability - currently rated as MEDIUM severity.
  • Affected Vendor/Software: Pivotal - Pivotal Cloud Foundry Elastic Runtime version 1.4.0 through 1.4.5
  • Affected Vendor/Software: Pivotal - Pivotal Cloud Foundry Elastic Runtime version 1.5.0 through 1.5.11
  • Affected Vendor/Software: Pivotal - Pivotal Cloud Foundry Elastic Runtime version 1.6.0 through 1.6.11

CVSS3 Score: 5.9 - MEDIUM

  • Attack Vector: NETWORK
  • Attack Complexity: HIGH
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: NONE
  • Integrity Impact: HIGH
  • Availability Impact: NONE

CVSS2 Score: 4.3 - MEDIUM

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: NONE

CVE References

  • Description: CVE-2016-0715 Remote Information Disclosure | Security | Pivotal
  • Tags: Vendor Advisory
  • Link: CONFIRM pivotal.io/security/cve-2016-0715 (pivotal.io, text/html)

Known Affected Configurations (CPE V2.3)

Type | Vendor | Product | Version | Update | Edition | Language
Application | Pivotal Software | Cloud Foundry Elastic Runtime | All | All | All | All
Application | Pivotal Software | Cloud Foundry Elastic Runtime | All | All | All | All
Application | Pivotal Software | Cloud Foundry Elastic Runtime | All | All | All | All
  • cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:*:*:*:*:*:*:*:*
  • cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:*:*:*:*:*:*:*:*
  • cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:*:*:*:*:*:*:*:*