Remote Information Disclosure in Pivotal Cloud Foundry by Pivotal
CVE-2016-0715

5.9 MEDIUM

Key Information:

Vendor: Pivotal

CVE Published: 11 September 2018

What is CVE-2016-0715?

Pivotal Cloud Foundry Elastic Runtime contains an incomplete mitigation in its buildpack detection process, which leaves applications that use the PHP Buildpack, the Staticfile Buildpack, and possibly other custom buildpacks vulnerable. Applications that serve files from the root directory may inadvertently expose sensitive information. The issue is of particular concern in combination with specific versions of the Java Buildpack, so users should review and strengthen their security configurations in light of this flaw.

Affected Version(s)

Pivotal Cloud Foundry Elastic Runtime 1.4.0 through 1.4.5

Pivotal Cloud Foundry Elastic Runtime 1.5.0 through 1.5.11

Pivotal Cloud Foundry Elastic Runtime 1.6.0 through 1.6.11

CVSS V3.1

Score: 5.9
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
