PT-2016-7013 · Cloud Foundry+1 · Php Buildpack Cf-Release+2

Publicado

2016-09-18

·

Atualizado

2021-09-09

·

CVE-2016-6639

CVSS v3.1

7.5

Alta

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions Cloud Foundry PHP Buildpack versions prior to 4.3.18 PHP Buildpack Cf-release versions prior to 242 Pivotal Cloud Foundry (PCF) Elastic Runtime versions prior to 1.6.38 Pivotal Cloud Foundry (PCF) Elastic Runtime versions 1.7.x prior to 1.7.19
Description The issue allows remote attackers to obtain sensitive information via an HTTP GET request for the .profile file, which is placed in the htdocs directory.
Recommendations For Cloud Foundry PHP Buildpack versions prior to 4.3.18, update to version 4.3.18 or later. For PHP Buildpack Cf-release versions prior to 242, update to version 242 or later. For Pivotal Cloud Foundry (PCF) Elastic Runtime versions prior to 1.6.38, update to version 1.6.38 or later. For Pivotal Cloud Foundry (PCF) Elastic Runtime versions 1.7.x prior to 1.7.19, update to version 1.7.19 or later.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-254

Identificadores relacionados

CVE-2016-6639

Produtos afetados

Cloud Foundry Php Buildpack
Php Buildpack Cf-Release
Pivotal Cloud Foundry (Pcf) Elastic Runtime