CVE-2016-5016

🗓️ 24 Apr 2017 19:00:00Reported by redhatType

Pivotal Cloud Foundry 239 and earlier, UAA 3.4.1 and earlier, PCF Elastic Runtime 1.6.x before 1.6.35, and PCF Elastic Runtime 1.7.x before 1.7.13 does not validate if a certificate is expired

Reporter	Title	Published	Views	Family All 12
Cloud Foundry	CVE-2016-5016 UAA accepts expired certificates \| Cloud Foundry	18 Aug 201600:00	–	cloudfoundry
Cloud Foundry	CVE-2016-5016 UAA accepts expired certificates \| Cloud Foundry	18 Aug 201600:00	–	cloudfoundry
CNVD	Multiple Pivotal Software Products Accept Expired Certificates Vulnerability	20 Jul 201700:00	–	cnvd
Cvelist	CVE-2016-5016	24 Apr 201719:00	–	cvelist
EUVD	EUVD-2022-5144	3 Oct 202520:07	–	euvd
Github Security Blog	Cloud Foundry vulnerable to Improper Certificate Validation	14 May 202201:30	–	github
NVD	CVE-2016-5016	24 Apr 201719:59	–	nvd
OSV	CVE-2016-5016	24 Apr 201719:59	–	osv
OSV	GHSA-RC2R-W8JV-VGGP Cloud Foundry vulnerable to Improper Certificate Validation	14 May 202201:30	–	osv
Prion	Code injection	24 Apr 201719:59	–	prion

NVD

Node

pivotal_software cloud_foundryRange≤239

pivotal_software cloud_foundry_elastic_runtimeRange1.6.0–1.6.35

pivotal_software cloud_foundry_elastic_runtimeRange1.7.0–1.7.13

pivotal_software cloud_foundry_uaaRange≤3.4.1

pivotal_software cloud_foundry_uaa-releaseRange≤12.2

Source	Link
github	www.github.com/cloudfoundry/cf-release/releases/tag/v240
github	www.github.com/cloudfoundry/uaa/releases/tag/3.4.2
github	www.github.com/cloudfoundry/uaa-release/releases/tag/v12.3
pivotal	www.pivotal.io/security/cve-2016-5016
github	www.github.com/cloudfoundry/uaa/releases/tag/2.7.4.6
github	www.github.com/cloudfoundry/uaa/releases/tag/3.3.0.3
github	www.github.com/cloudfoundry/uaa-release/releases/tag/v11.3

13 May 2026 00:24Current

5.7Medium risk

Vulners AI Score5.7

CVSS 24.3

CVSS 35.9

EPSS0.00278

CWE-295