CVE-2016-5016
MEDIUM5.9EPSS 0.28%Cloud Foundry vulnerable to Improper Certificate Validation
Published: 5/14/2022Modified: 2/28/2024
Description
Pivotal Cloud Foundry 239 and earlier, UAA (aka User Account and Authentication Server) 3.4.1 and earlier, UAA release 12.2 and earlier, PCF (aka Pivotal Cloud Foundry) Elastic Runtime 1.6.x before 1.6.35, and PCF Elastic Runtime 1.7.x before 1.7.13 does not validate if a certificate is expired.
Affected packages (1)
- Maven/org.cloudfoundry.identity:cloudfoundry-identity-server>= 3.0.0, < 3.3.0.3
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.9 | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N |
References (11)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2016-5016
- WEBhttps://github.com/cloudfoundry/cf-release/releases/tag/v240
- WEBhttps://github.com/cloudfoundry/uaa/commit/0a78612f981c541ad2d997e6a365f2a0b3e799d9
- WEBhttps://github.com/cloudfoundry/uaa/commit/bc91ccd2029e8f1cea0c647f0c9aad4585f7a2c
- WEBhttps://github.com/cloudfoundry/uaa/commit/f97049df1c6c03effda5049c41704ac831ff3925
- WEBhttps://github.com/cloudfoundry/uaa-release/releases/tag/v11.3
- WEBhttps://github.com/cloudfoundry/uaa-release/releases/tag/v12.3
- WEBhttps://github.com/cloudfoundry/uaa/releases/tag/2.7.4.6
- WEBhttps://github.com/cloudfoundry/uaa/releases/tag/3.3.0.3
- WEBhttps://github.com/cloudfoundry/uaa/releases/tag/3.4.2
- WEBhttps://pivotal.io/security/cve-2016-5016