CVE-2016-6655 - OpenCVE

An issue was discovered in Cloud Foundry Foundation Cloud Foundry release versions prior to v245 and cf-mysql-release versions prior to v31. A command injection vulnerability was discovered in a common script used by many Cloud Foundry components. A malicious user may exploit numerous vectors to execute arbitrary commands on servers running Cloud Foundry.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cloudfoundry	Cf-mysql-release Cf-release

Configuration 1 [-]

OR	cpe:2.3:a:cloudfoundry:cf-mysql-release::::::::
	cpe:2.3:a:cloudfoundry:cf-release::::::::

No data.

References

Link	Providers
http://www.securityfocus.com/bid/93889
https://www.cloudfoundry.org/cve-2016-6655/

History

No history.

MITRE

Status: PUBLISHED

Assigner: dell

Published: 2017-06-13T06:00:00

Updated: 2024-08-06T01:36:29.579Z

Reserved: 2016-08-10T00:00:00

Link: CVE-2016-6655

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2017-06-13T06:29:00.190

Modified: 2017-11-08T12:58:19.673

Link: CVE-2016-6655

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Cloud Foundry", "vendor": "n/a", "versions": [{"status": "affected", "version": "Cloud Foundry"}]}], "datePublic": "2017-06-12T00:00:00", "descriptions": [{"lang": "en", "value": "An issue was discovered in Cloud Foundry Foundation Cloud Foundry release versions prior to v245 and cf-mysql-release versions prior to v31. A command injection vulnerability was discovered in a common script used by many Cloud Foundry components. A malicious user may exploit numerous vectors to execute arbitrary commands on servers running Cloud Foundry."}], "problemTypes": [{"descriptions": [{"description": "command injection", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-06-13T09:57:01", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.cloudfoundry.org/cve-2016-6655/"}, {"name": "93889", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/93889"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security_alert@emc.com", "ID": "CVE-2016-6655", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cloud Foundry", "version": {"version_data": [{"version_value": "Cloud Foundry"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in Cloud Foundry Foundation Cloud Foundry release versions prior to v245 and cf-mysql-release versions prior to v31. A command injection vulnerability was discovered in a common script used by many Cloud Foundry components. A malicious user may exploit numerous vectors to execute arbitrary commands on servers running Cloud Foundry."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "command injection"}]}]}, "references": {"reference_data": [{"name": "https://www.cloudfoundry.org/cve-2016-6655/", "refsource": "CONFIRM", "url": "https://www.cloudfoundry.org/cve-2016-6655/"}, {"name": "93889", "refsource": "BID", "url": "http://www.securityfocus.com/bid/93889"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T01:36:29.579Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.cloudfoundry.org/cve-2016-6655/"}, {"name": "93889", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/93889"}]}]}, "cveMetadata": {"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2016-6655", "datePublished": "2017-06-13T06:00:00", "dateReserved": "2016-08-10T00:00:00", "dateUpdated": "2024-08-06T01:36:29.579Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cloudfoundry:cf-mysql-release:*:*:*:*:*:*:*:*", "matchCriteriaId": "503F79C0-4F12-4AA0-8902-12217C476BBC", "versionEndIncluding": "30", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:cf-release:*:*:*:*:*:*:*:*", "matchCriteriaId": "9A9D6FC7-3CB5-4C15-A0F3-E64577C72EAB", "versionEndIncluding": "244", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in Cloud Foundry Foundation Cloud Foundry release versions prior to v245 and cf-mysql-release versions prior to v31. A command injection vulnerability was discovered in a common script used by many Cloud Foundry components. A malicious user may exploit numerous vectors to execute arbitrary commands on servers running Cloud Foundry."}, {"lang": "es", "value": "Un problema fue descubierto en Cloud Foundry Foundation Cloud Foundry liberado en versiones anteriores a la v245 y cf-mysql liberado anterior a la v31. Una inyecci\u00f3n de comando fue descubierta en un script com\u00fan usado por varios componentes de Cloud Foundry. Un usuario malicioso podr\u00eda explotar numerosos vectores para ejecutar comando arbitrarios en servidores con Cloud Foundry ejecut\u00e1ndose."}], "id": "CVE-2016-6655", "lastModified": "2017-11-08T12:58:19.673", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-06-13T06:29:00.190", "references": [{"source": "security_alert@emc.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/93889"}, {"source": "security_alert@emc.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.cloudfoundry.org/cve-2016-6655/"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-77"}], "source": "nvd@nist.gov", "type": "Primary"}]}