CVE-2016-6659

Cloud Foundry before 248; UAA 2.x before 2.7.4.12, 3.x before 3.6.5, and 3.7.x through 3.9.x before 3.9.3; and UAA bosh release aka uaa-release before 13.9 for UAA 3.6.5 and before 24 for UAA 3.9.3 allow attackers to gain privileges by accessing UAA logs and subsequently running a specially craft...

CVE-2016-6659

CVE-2016-6659 affects Cloud Foundry components: Cloud Foundry release v247 and earlier, UAA 2.x up to 2.7.4.12, UAA 3.x up to 3.6.5, and 3.7.x–3.9.x up to 3.9.3, plus the UAA bosh release (uaa-release) up to v13.9 (for 3.6.5) or v24 (for 3.9.3). The root cause is an elevation of privilege through...