PT-2017-8651 · Pivotal · Pivotal Cloud Foundry+2
Published
2017-04-24
·
Updated
2022-05-14
·
CVE-2016-5016
CVSS v3.1
5.9
Medium
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Pivotal Cloud Foundry versions 239 and earlier
UAA versions 3.4.1 and earlier
UAA release 12.2 and earlier
PCF Elastic Runtime versions 1.6.x before 1.6.35
PCF Elastic Runtime versions 1.7.x before 1.7.13
Description
The issue is related to the failure to validate if a certificate is expired.
Recommendations
For Pivotal Cloud Foundry versions 239 and earlier, update to a version later than 239.
For UAA versions 3.4.1 and earlier, update to a version later than 3.4.1.
For UAA release 12.2 and earlier, update to a release later than 12.2.
For PCF Elastic Runtime versions 1.6.x before 1.6.35, update to version 1.6.35 or later.
For PCF Elastic Runtime versions 1.7.x before 1.7.13, update to version 1.7.13 or later.
Fix
Improper Certificate Validation
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Pcf Elastic Runtime
Pivotal Cloud Foundry
Uaa