CVE-2016-0708
published 2018-07-11

Priority: P432, medium, 5.9 (CVSS 3.0)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 1.56% (72.2th percentile)

Applications deployed to Cloud Foundry, versions v166 through v227, may be vulnerable to a remote disclosure of information, including, but not limited to, environment variables and bound service details. For applications to be vulnerable, they must have been staged using automatic buildpack detection, passed through the Java Buildpack detection script, and allow the serving of static content from within the deployed artifact. The default Apache Tomcat configuration in the affected Java buildpack versions is vulnerable to this issue for some basic web application archive (WAR) packaged applications.

Affected

8 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cloudfoundry | cf-release | 166 – 227 | |
| cloudfoundry | java_buildpack | 2.0 – 3.4 | |
| pivotal | pivotal_cloud_foundry_elastic_runtime | | |
| pivotal | pivotal_cloud_foundry_elastic_runtime | | |
| pivotal | pivotal_cloud_foundry_elastic_runtime | | |
| pivotal_software | cloud_foundry_elastic_runtime | 1.4.0 – 1.4.5 | |
| pivotal_software | cloud_foundry_elastic_runtime | 1.5.0 – 1.5.11 | |
| pivotal_software | cloud_foundry_elastic_runtime | 1.6.0 – 1.6.11 | |

CVSS provenance

nvd v3.0: 5.9 MEDIUM (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
nvd v2.0: 4.3 MEDIUM (AV:N/AC:M/Au:N/C:P/I:N/A:N)