OpenCVE

Pivotal Cloud Foundry Elastic Runtime version 1.4.0 through 1.4.5, 1.5.0 through 1.5.11 and 1.6.0 through 1.6.11 is vulnerable to a remote information disclosure. It was found that original mitigation configuration instructions provided as part of CVE-2016-0708 were incomplete and could leave PHP Buildpack, Staticfile Buildpack and potentially other custom Buildpack applications vulnerable to remote information disclosure. Affected applications use automated buildpack detection, serve files directly from the root of the application and have a buildpack that matched after the Java Buildpack in the system buildpack priority when Java Buildpack versions 2.0 through 3.4 were present.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Pivotal Software	Cloud Foundry Elastic Runtime

Configuration 1 [-]

cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:*:*:*:*:*:*:*:*

Configuration 3 [-]

cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://pivotal.io/security/cve-2016-0715

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2018-09-11T17:00:00Z

Updated: 2024-09-16T16:48:30.435Z

Reserved: 2015-12-16T00:00:00

Link: CVE-2016-0715

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-09-11T17:29:00.223

Modified: 2019-10-09T23:16:19.697

Link: CVE-2016-0715

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Pivotal Cloud Foundry Elastic Runtime", "vendor": "Pivotal", "versions": [{"status": "affected", "version": "1.4.0 through 1.4.5"}, {"status": "affected", "version": "1.5.0 through 1.5.11"}, {"status": "affected", "version": "1.6.0 through 1.6.11"}]}], "datePublic": "2015-01-18T00:00:00", "descriptions": [{"lang": "en", "value": "Pivotal Cloud Foundry Elastic Runtime version 1.4.0 through 1.4.5, 1.5.0 through 1.5.11 and 1.6.0 through 1.6.11 is vulnerable to a remote information disclosure. It was found that original mitigation configuration instructions provided as part of CVE-2016-0708 were incomplete and could leave PHP Buildpack, Staticfile Buildpack and potentially other custom Buildpack applications vulnerable to remote information disclosure. Affected applications use automated buildpack detection, serve files directly from the root of the application and have a buildpack that matched after the Java Buildpack in the system buildpack priority when Java Buildpack versions 2.0 through 3.4 were present."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "description": "CWE-200", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-09-11T16:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://pivotal.io/security/cve-2016-0715"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "DATE_PUBLIC": "2015-01-18T00:00:00", "ID": "CVE-2016-0715", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Pivotal Cloud Foundry Elastic Runtime", "version": {"version_data": [{"version_value": "1.4.0 through 1.4.5"}, {"version_value": "1.5.0 through 1.5.11"}, {"version_value": "1.6.0 through 1.6.11"}]}}]}, "vendor_name": "Pivotal"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Pivotal Cloud Foundry Elastic Runtime version 1.4.0 through 1.4.5, 1.5.0 through 1.5.11 and 1.6.0 through 1.6.11 is vulnerable to a remote information disclosure. It was found that original mitigation configuration instructions provided as part of CVE-2016-0708 were incomplete and could leave PHP Buildpack, Staticfile Buildpack and potentially other custom Buildpack applications vulnerable to remote information disclosure. Affected applications use automated buildpack detection, serve files directly from the root of the application and have a buildpack that matched after the Java Buildpack in the system buildpack priority when Java Buildpack versions 2.0 through 3.4 were present."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-200"}]}]}, "references": {"reference_data": [{"name": "https://pivotal.io/security/cve-2016-0715", "refsource": "CONFIRM", "url": "https://pivotal.io/security/cve-2016-0715"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T22:30:03.868Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://pivotal.io/security/cve-2016-0715"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2016-0715", "datePublished": "2018-09-11T17:00:00Z", "dateReserved": "2015-12-16T00:00:00", "dateUpdated": "2024-09-16T16:48:30.435Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:*:*:*:*:*:*:*:*", "matchCriteriaId": "61E71217-AE50-4073-8B25-555BE399AB4C", "versionEndIncluding": "1.4.5", "versionStartIncluding": "1.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:*:*:*:*:*:*:*:*", "matchCriteriaId": "A6B65F98-7509-4CA9-9692-CAA75ADE6ECC", "versionEndIncluding": "1.5.11", "versionStartIncluding": "1.5.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:*:*:*:*:*:*:*:*", "matchCriteriaId": "FD0DD97E-27F9-4C12-9FFE-A5C6C0A09473", "versionEndIncluding": "1.6.11", "versionStartIncluding": "1.6.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Pivotal Cloud Foundry Elastic Runtime version 1.4.0 through 1.4.5, 1.5.0 through 1.5.11 and 1.6.0 through 1.6.11 is vulnerable to a remote information disclosure. It was found that original mitigation configuration instructions provided as part of CVE-2016-0708 were incomplete and could leave PHP Buildpack, Staticfile Buildpack and potentially other custom Buildpack applications vulnerable to remote information disclosure. Affected applications use automated buildpack detection, serve files directly from the root of the application and have a buildpack that matched after the Java Buildpack in the system buildpack priority when Java Buildpack versions 2.0 through 3.4 were present."}, {"lang": "es", "value": "Pivotal Cloud Foundry Elastic Runtime, desde la versi\u00f3n 1.4.0 hasta la 1.4.5, de la 1.5.0 hasta la 1.5.11 y desde la versi\u00f3n 1.6.0 hasta la 1.6.11 es vulnerable a una divulgaci\u00f3n de informaci\u00f3n remota. Se ha detectado que las instrucciones originales de configuraci\u00f3n de la mitigaci\u00f3n que se proporcionaron como parte de CVE-2016-0708 estaban incompletas y podr\u00edan hacer que PHP Buildpack, Staticfile Buildpack y, probablemente, otras aplicaciones Buildpack personalizadas sean vulnerables a la divulgaci\u00f3n de informaci\u00f3n remota. Las aplicaciones afectadas emplean la detecci\u00f3n automatizada de buildpack, sirven archivos directamente desde el root de la aplicaci\u00f3n y tienen un buildpack que coincid\u00eda con el Java Buildpack en la prioridad del sistema buildpack cuando Java Buildpack estaba presente en versiones desde la2.0 hasta la 3.4."}], "id": "CVE-2016-0715", "lastModified": "2019-10-09T23:16:19.697", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-09-11T17:29:00.223", "references": [{"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://pivotal.io/security/cve-2016-0715"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-200"}], "source": "secalert@redhat.com", "type": "Secondary"}]}