Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2016-5016

Pivotal Cloud Foundry 239 and earlier, UAA (aka User Account and Authentication Server) 3.4.1 and earlier, UAA release 12.2 and earlier, PCF (aka Pivotal Cloud Foundry) Elastic Runtime 1.6.x before 1.6.35, and PCF Elastic Runtime 1.7.x before 1.7.13 does not validate if a certificate is expired.

Published

2017-04-24T19:59:00.253

Last Modified

2025-04-20T01:37:25.860

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 5.9 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

8.6

Impact Score

2.9

Weaknesses

Type: Primary
CWE-295

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	pivotal_software	cloud_foundry	≤ 239	Yes
Application	pivotal_software	cloud_foundry_elastic_runtime	< 1.6.35	Yes
Application	pivotal_software	cloud_foundry_elastic_runtime	< 1.7.13	Yes
Application	pivotal_software	cloud_foundry_uaa	≤ 3.4.1	Yes
Application	pivotal_software	cloud_foundry_uaa-release	≤ 12.2	Yes

References

https://github.com/cloudfoundry/cf-release/releases/tag/v240 Release Notes, Third Party Advisory ([email protected])
https://github.com/cloudfoundry/uaa-release/releases/tag/v11.3 Release Notes, Third Party Advisory ([email protected])
https://github.com/cloudfoundry/uaa-release/releases/tag/v12.3 Release Notes, Third Party Advisory ([email protected])
https://github.com/cloudfoundry/uaa/releases/tag/2.7.4.6 Release Notes, Third Party Advisory ([email protected])
https://github.com/cloudfoundry/uaa/releases/tag/3.3.0.3 Release Notes, Third Party Advisory ([email protected])
https://github.com/cloudfoundry/uaa/releases/tag/3.4.2 Release Notes, Third Party Advisory ([email protected])
https://pivotal.io/security/cve-2016-5016 Vendor Advisory ([email protected])
https://github.com/cloudfoundry/cf-release/releases/tag/v240 Release Notes, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/cloudfoundry/uaa-release/releases/tag/v11.3 Release Notes, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/cloudfoundry/uaa-release/releases/tag/v12.3 Release Notes, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/cloudfoundry/uaa/releases/tag/2.7.4.6 Release Notes, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/cloudfoundry/uaa/releases/tag/3.3.0.3 Release Notes, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/cloudfoundry/uaa/releases/tag/3.4.2 Release Notes, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://pivotal.io/security/cve-2016-5016 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)