Lucene search

[email protected]CVE-2016-0928

HistorySep 18, 2016 - 2:59 a.m.

CVE-2016-0928

2016-09-1802:59:08

CWE-601

[email protected]

web.nvd.nist.gov

cve-2016-0928

pivotal cloud foundry

pcf

elastic runtime

open redirect vulnerabilities

phishing attacks

remote attackers

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

7.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N

7.3 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

56.4%

JSON

Multiple open redirect vulnerabilities in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.30 and 1.7.x before 1.7.8 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

Affected configurations

NVD

Node

pivotalcloud_foundry_elastic_runtimeRange≤1.6.29

pivotalcloud_foundry_elastic_runtimeMatch1.7.0

pivotalcloud_foundry_elastic_runtimeMatch1.7.1

pivotalcloud_foundry_elastic_runtimeMatch1.7.2

pivotalcloud_foundry_elastic_runtimeMatch1.7.3

pivotalcloud_foundry_elastic_runtimeMatch1.7.4

pivotalcloud_foundry_elastic_runtimeMatch1.7.5

pivotalcloud_foundry_elastic_runtimeMatch1.7.6

pivotalcloud_foundry_elastic_runtimeMatch1.7.7

CPENameOperatorVersion
pivotal:cloud_foundry_elastic_runtimepivotal cloud foundry elastic runtimele1.6.29
pivotal:cloud_foundry_elastic_runtimepivotal cloud foundry elastic runtimeeq1.7.0
pivotal:cloud_foundry_elastic_runtimepivotal cloud foundry elastic runtimeeq1.7.1
pivotal:cloud_foundry_elastic_runtimepivotal cloud foundry elastic runtimeeq1.7.2
pivotal:cloud_foundry_elastic_runtimepivotal cloud foundry elastic runtimeeq1.7.3
pivotal:cloud_foundry_elastic_runtimepivotal cloud foundry elastic runtimeeq1.7.4
pivotal:cloud_foundry_elastic_runtimepivotal cloud foundry elastic runtimeeq1.7.5
pivotal:cloud_foundry_elastic_runtimepivotal cloud foundry elastic runtimeeq1.7.6
pivotal:cloud_foundry_elastic_runtimepivotal cloud foundry elastic runtimeeq1.7.7

CPE	Name	Operator	Version
pivotal:cloud_foundry_elastic_runtime	pivotal cloud foundry elastic runtime	le	1.6.29
pivotal:cloud_foundry_elastic_runtime	pivotal cloud foundry elastic runtime	eq	1.7.0
pivotal:cloud_foundry_elastic_runtime	pivotal cloud foundry elastic runtime	eq	1.7.1
pivotal:cloud_foundry_elastic_runtime	pivotal cloud foundry elastic runtime	eq	1.7.2
pivotal:cloud_foundry_elastic_runtime	pivotal cloud foundry elastic runtime	eq	1.7.3
pivotal:cloud_foundry_elastic_runtime	pivotal cloud foundry elastic runtime	eq	1.7.4
pivotal:cloud_foundry_elastic_runtime	pivotal cloud foundry elastic runtime	eq	1.7.5
pivotal:cloud_foundry_elastic_runtime	pivotal cloud foundry elastic runtime	eq	1.7.6
pivotal:cloud_foundry_elastic_runtime	pivotal cloud foundry elastic runtime	eq	1.7.7

References

www.securityfocus.com/bid/91550

pivotal.io/security/cve-2016-0928

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

7.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N

7.3 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

56.4%

JSON

Related for CVE-2016-0928

cvelist1 prion1 nvd1