{"containers": {"cna": {"affected": [{"product": "Cloud Foundry", "vendor": "n/a", "versions": [{"status": "affected", "version": "Cloud Foundry"}]}], "datePublic": "2017-08-21T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "In Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.38.0 and cf-release versions after v244 and prior to v270, there is an incomplete fix for CVE-2017-8035. If you took steps to remediate CVE-2017-8035 you should also upgrade to fix this CVE. A carefully crafted CAPI request from a Space Developer can allow them to gain access to files on the Cloud Controller VM for that installation, aka an Information Leak / Disclosure."}], "problemTypes": [{"descriptions": [{"description": "Information Leak / Disclosure", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-03-22T08:06:05.000Z", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.cloudfoundry.org/cve-2017-8037/"}, {"name": "100448", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/100448"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security_alert@emc.com", "ID": "CVE-2017-8037", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cloud Foundry", "version": {"version_data": [{"version_value": "Cloud Foundry"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.38.0 and cf-release versions after v244 and prior to v270, there is an incomplete fix for CVE-2017-8035. If you took steps to remediate CVE-2017-8035 you should also upgrade to fix this CVE. A carefully crafted CAPI request from a Space Developer can allow them to gain access to files on the Cloud Controller VM for that installation, aka an Information Leak / Disclosure."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Information Leak / Disclosure"}]}]}, "references": {"reference_data": [{"name": "https://www.cloudfoundry.org/cve-2017-8037/", "refsource": "CONFIRM", "url": "https://www.cloudfoundry.org/cve-2017-8037/"}, {"name": "100448", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100448"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T16:19:29.884Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.cloudfoundry.org/cve-2017-8037/"}, {"name": "100448", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/100448"}]}]}, "cveMetadata": {"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2017-8037", "datePublished": "2017-08-21T22:00:00.000Z", "dateReserved": "2017-04-21T00:00:00.000Z", "dateUpdated": "2024-08-05T16:19:29.884Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "F260594E-4032-406D-8B84-3E91400F86FF", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F2D9350E-0AA5-4D9A-A41A-855B40E440D6", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "A66A9C0A-9B42-4B7E-A4B7-F06601B67FB8", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "207F6A29-0A37-4CDD-8DB2-E6CD89204013", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "D3803207-D7A0-47E0-A357-314C245C5C13", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "039156DB-D2DC-4AD5-9ACE-52095FE688BE", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.13.0:*:*:*:*:*:*:*", "matchCriteriaId": "7343B84E-3255-4BB4-A988-03BC9DC8D7E3", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.14.0:*:*:*:*:*:*:*", "matchCriteriaId": "3EB53101-EC12-49DE-8C3C-3B373C4FA1E0", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.15.0:*:*:*:*:*:*:*", "matchCriteriaId": "15625A3E-61A4-4F7E-BFEC-7ED830AE41C9", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.16.0:*:*:*:*:*:*:*", "matchCriteriaId": "38B7D6B1-2CB1-4FB1-BC63-3104391D2742", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.17.0:*:*:*:*:*:*:*", "matchCriteriaId": "D4D9D5D4-14E4-404A-B88E-78C8A37CB9B3", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.18.0:*:*:*:*:*:*:*", "matchCriteriaId": "0C56907A-3233-435F-933B-8E3ED4965BC8", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.19.0:*:*:*:*:*:*:*", "matchCriteriaId": "A33E86E4-BD1C-4D03-9AF4-7A86B0B5BCE1", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.20.0:*:*:*:*:*:*:*", "matchCriteriaId": "C409657C-0C4D-4873-B707-38AC618035CF", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.21.0:*:*:*:*:*:*:*", "matchCriteriaId": "41CD5C38-E188-41DB-A811-27438525FDAD", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.22.0:*:*:*:*:*:*:*", "matchCriteriaId": "5E3EC8F2-3520-4952-9541-3C56F6D131BF", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.23.0:*:*:*:*:*:*:*", "matchCriteriaId": "B1671324-93EB-4409-9BA5-0D2D847C6A85", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.24.0:*:*:*:*:*:*:*", "matchCriteriaId": "45AC669D-3AED-48C2-ADA2-D1EE235FA793", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.25.0:*:*:*:*:*:*:*", "matchCriteriaId": "8970738B-E240-4C3E-A8F6-57FB66976B6A", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.26.0:*:*:*:*:*:*:*", "matchCriteriaId": "00406C75-1032-49A3-9C4E-AC41F46CA778", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.27.0:*:*:*:*:*:*:*", "matchCriteriaId": "D464CFBC-5AEF-4B65-8616-8E31E8C856D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.28.0:*:*:*:*:*:*:*", "matchCriteriaId": "7FE0978C-1BEC-4FCE-A625-0FF196B3E6C6", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.29.0:*:*:*:*:*:*:*", "matchCriteriaId": "6B258E3E-2291-4180-9735-71EE2874250B", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.30.0:*:*:*:*:*:*:*", "matchCriteriaId": "D416F421-66EB-4A80-BC1A-B99AE3F7E126", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.31.0:*:*:*:*:*:*:*", "matchCriteriaId": "6D8DA9C5-C65C-467B-AD90-8B84E8EF9397", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.32.0:*:*:*:*:*:*:*", "matchCriteriaId": "6D7F5A30-36EF-4F1D-B712-4F482F757CEA", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.33.0:*:*:*:*:*:*:*", "matchCriteriaId": "D8D55D28-676E-42C4-90A5-C9CE306D42C7", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.34.0:*:*:*:*:*:*:*", "matchCriteriaId": "76369246-BE4B-4FAC-855B-8590C5C8DFBA", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.35.0:*:*:*:*:*:*:*", "matchCriteriaId": "F684CB9F-8079-452A-9F27-8F964C636AD2", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.36.0:*:*:*:*:*:*:*", "matchCriteriaId": "772569FD-E641-42EB-A694-64EC4E7437E3", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.37.0:*:*:*:*:*:*:*", "matchCriteriaId": "35A5003C-2FB9-4FA3-AC7E-038CD573A23C", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cloudfoundry:cf-release:245:*:*:*:*:*:*:*", "matchCriteriaId": "2DA6A56C-E0FE-4CB1-BE86-4C1E80D97265", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:cf-release:246:*:*:*:*:*:*:*", "matchCriteriaId": "BAF4D7D1-4C35-4F76-816D-3F2407804E85", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:cf-release:247:*:*:*:*:*:*:*", "matchCriteriaId": "D852D5F4-DDB4-4C76-88B6-EB49E21FEDC5", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:cf-release:248:*:*:*:*:*:*:*", "matchCriteriaId": "B35C30C1-E2B9-4590-8765-1E0DA735E026", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:cf-release:249:*:*:*:*:*:*:*", "matchCriteriaId": "3680FAA7-9B57-4A9A-BD20-68821A7D4FE2", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:cf-release:250:*:*:*:*:*:*:*", "matchCriteriaId": "E9F9A19A-9E31-4E4A-869C-9C13163A06C6", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:cf-release:251:*:*:*:*:*:*:*", "matchCriteriaId": "F08095E9-1BA9-438F-B776-D75F419E682E", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:cf-release:252:*:*:*:*:*:*:*", "matchCriteriaId": "CAE29D36-9A2E-4D87-8C0C-D8FC1034B027", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:cf-release:253:*:*:*:*:*:*:*", "matchCriteriaId": "7E227D42-19CA-45DD-AAC1-8D31537B5BFA", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:cf-release:254:*:*:*:*:*:*:*", "matchCriteriaId": "BC145421-17F6-438B-9C3F-8DED72F3B5B8", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:cf-release:255:*:*:*:*:*:*:*", "matchCriteriaId": "5046C2CB-99C6-4243-B830-B3957910F1AF", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:cf-release:256:*:*:*:*:*:*:*", "matchCriteriaId": "5A07B320-7DC3-4E7B-8997-6606F8FCBEBB", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:cf-release:257:*:*:*:*:*:*:*", "matchCriteriaId": "3F7777A5-9136-49E4-9A6F-3C9A6687DAA7", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:cf-release:258:*:*:*:*:*:*:*", "matchCriteriaId": "88C90B83-9597-427C-A941-06F0C5A8C3DD", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:cf-release:259:*:*:*:*:*:*:*", "matchCriteriaId": "A3D92B65-E45A-42EE-B0B9-AD69E1881E2B", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:cf-release:260:*:*:*:*:*:*:*", "matchCriteriaId": "A98BAE4B-184F-49A4-89E1-4F270CC7FEC8", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:cf-release:261:*:*:*:*:*:*:*", "matchCriteriaId": "A7E78B11-B3E9-4D62-8F17-F2575D7F9181", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:cf-release:262:*:*:*:*:*:*:*", "matchCriteriaId": "EB5EF186-0D05-497D-A66C-142ED0DFA973", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:cf-release:263:*:*:*:*:*:*:*", "matchCriteriaId": "7A262620-E71A-44C7-A1F4-BEEDF107BC2E", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:cf-release:264:*:*:*:*:*:*:*", "matchCriteriaId": "B9D721F9-227C-4F1D-9010-D1920F692228", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:cf-release:265:*:*:*:*:*:*:*", "matchCriteriaId": "6AE4BA55-963C-4EB1-AD85-344AAE107A82", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:cf-release:266:*:*:*:*:*:*:*", "matchCriteriaId": "7E5827B3-143F-408B-A0C7-005079BD9215", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:cf-release:267:*:*:*:*:*:*:*", "matchCriteriaId": "762BE4A1-931B-4C44-94C8-F5DC894CFD1F", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:cf-release:268:*:*:*:*:*:*:*", "matchCriteriaId": "735E1016-97F0-4286-955F-6017A2F8AD79", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:cf-release:269:*:*:*:*:*:*:*", "matchCriteriaId": "F021AB15-30F0-46DE-B613-11E3D4C9FD50", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.38.0 and cf-release versions after v244 and prior to v270, there is an incomplete fix for CVE-2017-8035. If you took steps to remediate CVE-2017-8035 you should also upgrade to fix this CVE. A carefully crafted CAPI request from a Space Developer can allow them to gain access to files on the Cloud Controller VM for that installation, aka an Information Leak / Disclosure."}, {"lang": "es", "value": "En Cloud Foundry Foundation CAPI-release en versiones posteriores a la v1.6.0 y anteriores a la v1.38.0 y cf-release en versiones posteriores a la v244 y anteriores a la v270 hay una soluci\u00f3n incompleta para CVE-2017-8035. Si ha emprendido acciones para solucionar CVE-2017-8035, tambi\u00e9n deber\u00eda actualizar para solucionar este CVE. Una petici\u00f3n CAPI especialmente manipulada desde un Space Developer puede permitir que atacantes obtengan acceso al Cloud Controller VM para tal instalaci\u00f3n. Esto tambi\u00e9n se conoce como (Fuga/Divulgaci\u00f3n de Informaci\u00f3n)."}], "id": "CVE-2017-8037", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-08-21T22:29:00.183", "references": [{"source": "security_alert@emc.com", "url": "http://www.securityfocus.com/bid/100448"}, {"source": "security_alert@emc.com", "tags": ["Vendor Advisory"], "url": "https://www.cloudfoundry.org/cve-2017-8037/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/100448"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.cloudfoundry.org/cve-2017-8037/"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}