Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2016-0896

Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.34 and 1.7.x before 1.7.12 places 169.254.0.0/16 in the all_open Application Security Group, which might allow remote attackers to bypass intended network-connectivity restrictions by leveraging access to the 169.254.169.254 address.

Published

2016-09-18T02:59:01.637

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 7.3 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
Exploitability Score

10.0

Impact Score

6.4

Weaknesses
  • Type: Primary
    CWE-254
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application pivotal_software cloud_foundry_elastic_runtime ≤ 1.6.33 Yes
Application pivotal_software cloud_foundry_elastic_runtime 1.7.0 Yes
Application pivotal_software cloud_foundry_elastic_runtime 1.7.1 Yes
Application pivotal_software cloud_foundry_elastic_runtime 1.7.2 Yes
Application pivotal_software cloud_foundry_elastic_runtime 1.7.3 Yes
Application pivotal_software cloud_foundry_elastic_runtime 1.7.4 Yes
Application pivotal_software cloud_foundry_elastic_runtime 1.7.5 Yes
Application pivotal_software cloud_foundry_elastic_runtime 1.7.6 Yes
Application pivotal_software cloud_foundry_elastic_runtime 1.7.7 Yes
Application pivotal_software cloud_foundry_elastic_runtime 1.7.8 Yes
Application pivotal_software cloud_foundry_elastic_runtime 1.7.9 Yes
Application pivotal_software cloud_foundry_elastic_runtime 1.7.10 Yes
Application pivotal_software cloud_foundry_elastic_runtime 1.7.11 Yes
References