CVE-2016-0780: Cloud Foundry vulnerability

CWE-399 | 3 documents | 3 sources
Severity: 7.5 HIGH (NVD)
EPSS: 0.4% (top 39.98%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published May 25 | Latest update May 13

Description

It was discovered that cf-release v231 and lower, Pivotal Cloud Foundry Elastic Runtime 1.5.x versions prior to 1.5.17 and Pivotal Cloud Foundry Elastic Runtime 1.6.x versions prior to 1.6.18 do not properly enforce disk quotas in certain cases. An attacker could use an improper disk quota value to bypass enforcement and consume all the disk on DEAs/CELLs causing a potential denial of service for other applications.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (3 packages)

CVEListV5 | pivotal/cloud_foundry | Elastic Runtime 1.5.x versions prior to 1.5.17, Elastic Runtime 1.6.x versions prior to 1.6.18, cf-release v231 and lower | +2

Vulnerability Details (2)

GHSA | GHSA-68vw-f384-v6m6: It was discovered that cf-release v231 and lower, Pivotal Cloud Foundry Elastic Runtime 1 | 2022-05-13
CVEList | CVE-2016-0780: It was discovered that cf-release v231 and lower, Pivotal Cloud Foundry Elastic Runtime 1 | 2017-05-25