4 matches found
CVE-2016-6639
Cloud Foundry PHP Buildpack aka php-buildpack before 4.3.18 and PHP Buildpack Cf-release before 242, as used in Pivotal Cloud Foundry PCF Elastic Runtime before 1.6.38 and 1.7.x before 1.7.19 and other products, place the .profile file in the htdocs directory, which might allow remote attackers t...
CVE-2016-6639
Cloud Foundry PHP Buildpack (aka php-buildpack) and PHP Buildpack Cf-release prior to 4.3.18 / 242 expose the .profile file in the htdocs directory, enabling remote HTTP GET requests to disclose sensitive information. Root cause: default exposure of .profile within the buildpack payload used by P...
CVE-2016-6639
Cloud Foundry PHP Buildpack aka php-buildpack before 4.3.18 and PHP Buildpack Cf-release before 242, as used in Pivotal Cloud Foundry PCF Elastic Runtime before 1.6.38 and 1.7.x before 1.7.19 and other products, place the .profile file in the htdocs directory, which might allow remote attackers t...
CVE-2016-6639: PHP Buildpack exposes .profile file | Cloud Foundry
CVE-2016-6639: PHP Buildpack exposes .profile file Medium Vendor Cloud Foundry Foundation Versions Affected PHP Buildpack versions prior to v4.3.18 Cf-release versions prior to v242 Description The .profile file, which can potentially include environment variables and credentials, is exposed by...