PT-2016-7013 · Cloud Foundry+1 · Php Buildpack Cf-Release+2

Published

2016-09-18

·

Updated

2021-09-09

·

CVE-2016-6639

CVSS v3.1

7.5

High

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions Cloud Foundry PHP Buildpack versions prior to 4.3.18 PHP Buildpack Cf-release versions prior to 242 Pivotal Cloud Foundry (PCF) Elastic Runtime versions prior to 1.6.38 Pivotal Cloud Foundry (PCF) Elastic Runtime versions 1.7.x prior to 1.7.19
Description The issue allows remote attackers to obtain sensitive information via an HTTP GET request for the .profile file, which is placed in the htdocs directory.
Recommendations For Cloud Foundry PHP Buildpack versions prior to 4.3.18, update to version 4.3.18 or later. For PHP Buildpack Cf-release versions prior to 242, update to version 242 or later. For Pivotal Cloud Foundry (PCF) Elastic Runtime versions prior to 1.6.38, update to version 1.6.38 or later. For Pivotal Cloud Foundry (PCF) Elastic Runtime versions 1.7.x prior to 1.7.19, update to version 1.7.19 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-254

Related Identifiers

CVE-2016-6639

Affected Products

Cloud Foundry Php Buildpack
Php Buildpack Cf-Release
Pivotal Cloud Foundry (Pcf) Elastic Runtime