CVE-2016-5016
MEDIUM5.9EPSS 0.28%Cloud Foundry vulnerable to Improper Certificate Validation
發布日:2022/5/14修改日:2024/2/28
描述
Pivotal Cloud Foundry 239 and earlier, UAA (aka User Account and Authentication Server) 3.4.1 and earlier, UAA release 12.2 and earlier, PCF (aka Pivotal Cloud Foundry) Elastic Runtime 1.6.x before 1.6.35, and PCF Elastic Runtime 1.7.x before 1.7.13 does not validate if a certificate is expired.
受影響套件(1)
- Maven/org.cloudfoundry.identity:cloudfoundry-identity-server>= 3.0.0, < 3.3.0.3
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.9 | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N |
參考連結(11)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2016-5016
- WEBhttps://github.com/cloudfoundry/cf-release/releases/tag/v240
- WEBhttps://github.com/cloudfoundry/uaa/commit/0a78612f981c541ad2d997e6a365f2a0b3e799d9
- WEBhttps://github.com/cloudfoundry/uaa/commit/bc91ccd2029e8f1cea0c647f0c9aad4585f7a2c
- WEBhttps://github.com/cloudfoundry/uaa/commit/f97049df1c6c03effda5049c41704ac831ff3925
- WEBhttps://github.com/cloudfoundry/uaa-release/releases/tag/v11.3
- WEBhttps://github.com/cloudfoundry/uaa-release/releases/tag/v12.3
- WEBhttps://github.com/cloudfoundry/uaa/releases/tag/2.7.4.6
- WEBhttps://github.com/cloudfoundry/uaa/releases/tag/3.3.0.3
- WEBhttps://github.com/cloudfoundry/uaa/releases/tag/3.4.2
- WEBhttps://pivotal.io/security/cve-2016-5016