CVE-2016-0708 — Sensitive Information Exposure in Java Buildpack
Severity
5.9 MEDIUM (NVD)
EPSS
0.2%
top 57.34%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Jul 11
Latest update: May 14
Description
Applications deployed to Cloud Foundry, versions v166 through v227, may be vulnerable to a remote disclosure of information, including, but not limited to environment variables and bound service details. For applications to be vulnerable, they must have been staged using automatic buildpack detection, passed through the Java Buildpack detection script, and allow the serving of static content from within the deployed artifact. The default Apache Tomcat configuration in the affected java buildpack…
CVSS vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.2 | Impact: 3.6
Affected Packages: 5 packages
CVEListV5: pivotal/pivotal_cloud_foundry_elastic_runtime, 1.4.0 through 1.4.5, 1.5.0 through 1.5.11, 1.6.0 through 1.6.11 (+2)
Vulnerability Details (4)
GHSA
GHSA-rr6c-mf52-hvf4: Applications deployed to Cloud Foundry, versions v166 through v227, may be vulnerable to a remote disclosure of information, including, but not limite… (2022-05-14)
CVEList
CVE-2016-0708: Applications deployed to Cloud Foundry, versions v166 through v227, may be vulnerable to a remote disclosure of information, including, but not limite… (2018-07-11)