CVE-2016-0708

EPSS 0.22%
Published 11.07.2018 20:29:00
Last modified 21.11.2024 02:42:13
Source security_alert@emc.com
Teams watchlist Login
Open Login

Applications deployed to Cloud Foundry, versions v166 through v227, may be vulnerable to a remote disclosure of information, including, but not limited to environment variables and bound service details. For applications to be vulnerable, they must have been staged using automatic buildpack detection, passed through the Java Buildpack detection script, and allow the serving of static content from within the deployed artifact. The default Apache Tomcat configuration in the affected java buildpack versions for some basic web application archive (WAR) packaged applications are vulnerable to this issue.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Cloudfoundry ≫ Cf-release Version >= 166 <= 227

Cloudfoundry ≫ Java Buildpack Version >= 2.0 <= 3.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.22%	0.412

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.9	2.2	3.6	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://www.cloudfoundry.org/blog/cve-2016-0708/

Vendor Advisory

Mitigation

https://nvd.nist.gov/vuln/detail/CVE-2016-0708

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-0708

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-0708

EUVD