CVE-2016-6639

Cloud Foundry PHP Buildpack (aka php-buildpack) and PHP Buildpack Cf-release prior to 4.3.18 / 242 expose the .profile file in the htdocs directory, enabling remote HTTP GET requests to disclose sensitive information. Root cause: default exposure of .profile within the buildpack payload used by P...