CVE-2016-0715

Name of the Vulnerable Software and Affected Versions Pivotal Cloud Foundry Elastic Runtime versions 1.4.0 through 1.4.5 Pivotal Cloud Foundry Elastic Runtime versions 1.5.0 through 1.5.11 Pivotal Cloud Foundry Elastic Runtime versions 1.6.0 through 1.6.11

Description A remote information disclosure issue was found. The original mitigation configuration instructions provided were incomplete, potentially leaving PHP Buildpack, Staticfile Buildpack, and other custom Buildpack applications vulnerable. This issue affects applications that use automated buildpack detection, serve files directly from the root of the application, and have a buildpack that matched after the Java Buildpack in the system buildpack priority when Java Buildpack versions 2.0 through 3.4 were present.

Recommendations For Pivotal Cloud Foundry Elastic Runtime versions 1.4.0 through 1.4.5, update the configuration to properly mitigate the remote information disclosure issue. For Pivotal Cloud Foundry Elastic Runtime versions 1.5.0 through 1.5.11, update the configuration to properly mitigate the remote information disclosure issue. For Pivotal Cloud Foundry Elastic Runtime versions 1.6.0 through 1.6.11, update the configuration to properly mitigate the remote information disclosure issue. As a temporary workaround, consider restricting the use of automated buildpack detection for affected applications until a proper configuration update is applied.