Remote Information Disclosure in Cloud Foundry Applications by Pivotal Software
CVE-2016-0708

5.9MEDIUM

Key Information:

Vendor: Cloud Foundry
Status: Cloud Foundry
Vendor: CVE Published:; 11 July 2018

🔔 Create Cloud Foundry Vulnerability Alert

What is CVE-2016-0708?

Applications deployed to Cloud Foundry, specifically versions v166 through v227, may expose sensitive information remotely, such as environment variables and bound service details. Vulnerable applications must utilize automatic buildpack detection, pass the Java Buildpack detection script, and permit the serving of static content from within the deployed artifacts. The default configuration of Apache Tomcat in specific Java buildpack versions, particularly for basic web application archive (WAR) packaged applications, is at risk of this disclosure issue.

Affected Version(s)

Cloud Foundry versions v166 through v227

References

https://www.cloudfoundry.org/blog/cve-2016-0708/

x_refsource_CONFIRM

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 11, 2018
Vulnerability Reserved
Dec 16, 2015

CVE-2016-0708 Data

JSON