Remote Information Disclosure in Pivotal Cloud Foundry by Pivotal
CVE-2016-0715
5.9MEDIUM
What is CVE-2016-0715?
Pivotal Cloud Foundry Elastic Runtime lapses due to incomplete mitigation measures in its buildpack detection process, creating vulnerabilities for applications that utilize PHP Buildpack, Staticfile Buildpack, and possibly other custom Buildpacks. Applications serving files from the root directory may inadvertently expose sensitive information. This is particularly concerning when combined with specific versions of the Java Buildpack, making it essential for users to review and enhance their security configurations in light of this flaw.
Affected Version(s)
Pivotal Cloud Foundry Elastic Runtime 1.4.0 through 1.4.5
Pivotal Cloud Foundry Elastic Runtime 1.5.0 through 1.5.11
Pivotal Cloud Foundry Elastic Runtime 1.6.0 through 1.6.11
