105 matches found
CVE-2016-6651
The UAA /oauth/token endpoint in Pivotal Cloud Foundry PCF before 243; UAA 2.x before 2.7.4.8, 3.x before 3.3.0.6, and 3.4.x before 3.4.5; UAA BOSH before 11.7 and 12.x before 12.6; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1.8.2; and Ops Manager 1.7.x before 1.7.13 and...
CVE-2016-6637
Multiple cross-site request forgery CSRF vulnerabilities in Pivotal Cloud Foundry PCF before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and 3.4.x before 3.4.4; UAA BOSH before 11.5 and 12.x before 12.5; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1.8.2; and Ops...
CVE-2016-6636
CVE-2016-6636 affects Pivotal Cloud Foundry components and related UAA releases. The vulnerability arises from improper validation of redirect_uri subdomains in the OAuth authorization flow, enabling a remote attacker to obtain implicit access tokens by using a modified subdomain. Affected softwa...
CVE-2016-6639
Cloud Foundry PHP Buildpack aka php-buildpack before 4.3.18 and PHP Buildpack Cf-release before 242, as used in Pivotal Cloud Foundry PCF Elastic Runtime before 1.6.38 and 1.7.x before 1.7.19 and other products, place the .profile file in the htdocs directory, which might allow remote attackers t...
CVE-2016-0928
Multiple open redirect vulnerabilities in Pivotal Cloud Foundry PCF Elastic Runtime before 1.6.30 and 1.7.x before 1.7.8 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors...
CVE-2016-0928
Multiple open redirect vulnerabilities in Pivotal Cloud Foundry PCF Elastic Runtime before 1.6.30 and 1.7.x before 1.7.8 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors...
CVE-2016-0926
Cross-site scripting XSS vulnerability in Apps Manager in Pivotal Cloud Foundry PCF Elastic Runtime before 1.6.32 and 1.7.x before 1.7.8 allows remote attackers to inject arbitrary web script or HTML via unspecified input that improperly interacts with the AngularJS framework...
CVE-2016-0896
Pivotal Cloud Foundry PCF Elastic Runtime before 1.6.34 and 1.7.x before 1.7.12 places 169.254.0.0/16 in the allopen Application Security Group, which might allow remote attackers to bypass intended network-connectivity restrictions by leveraging access to the 169.254.169.254 address...
Open redirect
Multiple open redirect vulnerabilities in Pivotal Cloud Foundry PCF Elastic Runtime before 1.6.30 and 1.7.x before 1.7.8 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors...
Cross site scripting
Cross-site scripting XSS vulnerability in Apps Manager in Pivotal Cloud Foundry PCF Elastic Runtime before 1.6.32 and 1.7.x before 1.7.8 allows remote attackers to inject arbitrary web script or HTML via unspecified input that improperly interacts with the AngularJS framework...
Security feature bypass
Pivotal Cloud Foundry PCF Elastic Runtime before 1.6.34 and 1.7.x before 1.7.12 places 169.254.0.0/16 in the allopen Application Security Group, which might allow remote attackers to bypass intended network-connectivity restrictions by leveraging access to the 169.254.169.254 address...
CVE-2016-0896
Pivotal Cloud Foundry PCF Elastic Runtime before 1.6.34 and 1.7.x before 1.7.12 places 169.254.0.0/16 in the allopen Application Security Group, which might allow remote attackers to bypass intended network-connectivity restrictions by leveraging access to the 169.254.169.254 address...
CVE-2016-6639
Cloud Foundry PHP Buildpack (aka php-buildpack) and PHP Buildpack Cf-release prior to 4.3.18 / 242 expose the .profile file in the htdocs directory, enabling remote HTTP GET requests to disclose sensitive information. Root cause: default exposure of .profile within the buildpack payload used by P...
CVE-2016-0926
Cross-site scripting XSS vulnerability in Apps Manager in Pivotal Cloud Foundry PCF Elastic Runtime before 1.6.32 and 1.7.x before 1.7.8 allows remote attackers to inject arbitrary web script or HTML via unspecified input that improperly interacts with the AngularJS framework...
CVE-2016-6639
Cloud Foundry PHP Buildpack aka php-buildpack before 4.3.18 and PHP Buildpack Cf-release before 242, as used in Pivotal Cloud Foundry PCF Elastic Runtime before 1.6.38 and 1.7.x before 1.7.19 and other products, place the .profile file in the htdocs directory, which might allow remote attackers t...
CVE-2016-0928
Multiple open redirect vulnerabilities in Pivotal Cloud Foundry PCF Elastic Runtime before 1.6.30 and 1.7.x before 1.7.8 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors...
CVE-2016-0926
CVE-2016-0926 is a cross-site scripting (XSS) vulnerability in Pivotal Cloud Foundry (PCF) Elastic Runtime 's Apps Manager . The flaw affects Elastic Runtime versions prior to 1.6.32 and prior to 1.7.8 for the 1.7.x line, where untrusted input that interacts with the AngularJS framework can be re...
CVE-2016-0896
CVE-2016-0896 affects Pivotal Cloud Foundry Elastic Runtime. The issue occurs when older releases (1.6.x before 1.6.34 and 1.7.x before 1.7.12) place the 169.254.0.0/16 range into the all_open Application Security Group, potentially allowing remote attackers who can access the 169.254.169.254 add...
CVE-2016-0928
The CVE pertains to Pivotal Cloud Foundry Elastic Runtime (PCF) with open redirect vulnerabilities in versions prior to 1.6.30 and 1.7.x before 1.7.8 . The underlying issue is open redirect flaws that allow remote attackers to redirect users to arbitrary external sites, enabling phishing when use...
Pivotal Cloud Foundry Elastic Runtime Security Bypass Vulnerability
Pivotal Cloud Foundry is an open source Platform-as-a-Service PaaS cloud computing platform from Pivotal Software that provides container scheduling, continuous delivery, and automated service deployment.Elastic Runtime is a runtime environment for Pivotal Cloud Foundry. A security bypass...