Lucene search

[email protected]CVE-2016-5016

HistoryApr 24, 2017 - 7:59 p.m.

CVE-2016-5016

2017-04-2419:59:00

CWE-295

[email protected]

web.nvd.nist.gov

cve-2016-5016

pivotal cloud foundry

uaa

elastic runtime

certificate validation

security vulnerability

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

5.7 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

66.4%

JSON

Pivotal Cloud Foundry 239 and earlier, UAA (aka User Account and Authentication Server) 3.4.1 and earlier, UAA release 12.2 and earlier, PCF (aka Pivotal Cloud Foundry) Elastic Runtime 1.6.x before 1.6.35, and PCF Elastic Runtime 1.7.x before 1.7.13 does not validate if a certificate is expired.

Affected configurations

NVD

Node

pivotal_softwarecloud_foundryRange≤239

pivotal_softwarecloud_foundry_elastic_runtimeRange1.6.0–1.6.35

pivotal_softwarecloud_foundry_elastic_runtimeRange1.7.0–1.7.13

pivotal_softwarecloud_foundry_uaaRange≤3.4.1

pivotal_softwarecloud_foundry_uaa-releaseRange≤12.2

CPENameOperatorVersion
pivotal_software:cloud_foundrypivotal software cloud foundryle239
pivotal_software:cloud_foundry_elastic_runtimepivotal software cloud foundry elastic runtimelt1.6.35
pivotal_software:cloud_foundry_elastic_runtimepivotal software cloud foundry elastic runtimelt1.7.13
pivotal_software:cloud_foundry_uaapivotal software cloud foundry uaale3.4.1
pivotal_software:cloud_foundry_uaa-releasepivotal software cloud foundry uaa-releasele12.2

CPE	Name	Operator	Version
pivotal_software:cloud_foundry	pivotal software cloud foundry	le	239
pivotal_software:cloud_foundry_elastic_runtime	pivotal software cloud foundry elastic runtime	lt	1.6.35
pivotal_software:cloud_foundry_elastic_runtime	pivotal software cloud foundry elastic runtime	lt	1.7.13
pivotal_software:cloud_foundry_uaa	pivotal software cloud foundry uaa	le	3.4.1
pivotal_software:cloud_foundry_uaa-release	pivotal software cloud foundry uaa-release	le	12.2

References

github.com/cloudfoundry/cf-release/releases/tag/v240

github.com/cloudfoundry/uaa-release/releases/tag/v11.3

github.com/cloudfoundry/uaa-release/releases/tag/v12.3

github.com/cloudfoundry/uaa/releases/tag/2.7.4.6

github.com/cloudfoundry/uaa/releases/tag/3.3.0.3

github.com/cloudfoundry/uaa/releases/tag/3.4.2

pivotal.io/security/cve-2016-5016

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

5.7 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

66.4%

JSON

Related for CVE-2016-5016

cloudfoundry2 osv1 prion1 nvd1 github1 cvelist1