CVE-2016-0708

EPSS 0.22%
Veröffentlicht 11.07.2018 20:29:00
Zuletzt bearbeitet 21.11.2024 02:42:13
Quelle security_alert@emc.com
Teams Watchlist Login
Unerledigt Login

Applications deployed to Cloud Foundry, versions v166 through v227, may be vulnerable to a remote disclosure of information, including, but not limited to environment variables and bound service details. For applications to be vulnerable, they must have been staged using automatic buildpack detection, passed through the Java Buildpack detection script, and allow the serving of static content from within the deployed artifact. The default Apache Tomcat configuration in the affected java buildpack versions for some basic web application archive (WAR) packaged applications are vulnerable to this issue.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cloudfoundry ≫ Cf-release Version >= 166 <= 227

Cloudfoundry ≫ Java Buildpack Version >= 2.0 <= 3.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.22%	0.412

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.9	2.2	3.6	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://www.cloudfoundry.org/blog/cve-2016-0708/

Vendor Advisory

Mitigation

https://nvd.nist.gov/vuln/detail/CVE-2016-0708

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-0708

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-0708

EUVD