cve-2016-0715
Vulnerability from cvelistv5
Published
2018-09-11 17:00
Modified
2024-09-16 16:48
Severity ?
Summary
Pivotal Cloud Foundry Elastic Runtime version 1.4.0 through 1.4.5, 1.5.0 through 1.5.11 and 1.6.0 through 1.6.11 is vulnerable to a remote information disclosure. It was found that original mitigation configuration instructions provided as part of CVE-2016-0708 were incomplete and could leave PHP Buildpack, Staticfile Buildpack and potentially other custom Buildpack applications vulnerable to remote information disclosure. Affected applications use automated buildpack detection, serve files directly from the root of the application and have a buildpack that matched after the Java Buildpack in the system buildpack priority when Java Buildpack versions 2.0 through 3.4 were present.
References
secalert@redhat.comhttps://pivotal.io/security/cve-2016-0715Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://pivotal.io/security/cve-2016-0715Vendor Advisory
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T22:30:03.868Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://pivotal.io/security/cve-2016-0715"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Pivotal Cloud Foundry Elastic Runtime",
          "vendor": "Pivotal",
          "versions": [
            {
              "status": "affected",
              "version": "1.4.0 through 1.4.5"
            },
            {
              "status": "affected",
              "version": "1.5.0 through 1.5.11"
            },
            {
              "status": "affected",
              "version": "1.6.0 through 1.6.11"
            }
          ]
        }
      ],
      "datePublic": "2015-01-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Pivotal Cloud Foundry Elastic Runtime version 1.4.0 through 1.4.5, 1.5.0 through 1.5.11 and 1.6.0 through 1.6.11 is vulnerable to a remote information disclosure. It was found that original mitigation configuration instructions provided as part of CVE-2016-0708 were incomplete and could leave PHP Buildpack, Staticfile Buildpack and potentially other custom Buildpack applications vulnerable to remote information disclosure. Affected applications use automated buildpack detection, serve files directly from the root of the application and have a buildpack that matched after the Java Buildpack in the system buildpack priority when Java Buildpack versions 2.0 through 3.4 were present."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-09-11T16:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://pivotal.io/security/cve-2016-0715"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "DATE_PUBLIC": "2015-01-18T00:00:00",
          "ID": "CVE-2016-0715",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Pivotal Cloud Foundry Elastic Runtime",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "1.4.0 through 1.4.5"
                          },
                          {
                            "version_value": "1.5.0 through 1.5.11"
                          },
                          {
                            "version_value": "1.6.0 through 1.6.11"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Pivotal"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Pivotal Cloud Foundry Elastic Runtime version 1.4.0 through 1.4.5, 1.5.0 through 1.5.11 and 1.6.0 through 1.6.11 is vulnerable to a remote information disclosure. It was found that original mitigation configuration instructions provided as part of CVE-2016-0708 were incomplete and could leave PHP Buildpack, Staticfile Buildpack and potentially other custom Buildpack applications vulnerable to remote information disclosure. Affected applications use automated buildpack detection, serve files directly from the root of the application and have a buildpack that matched after the Java Buildpack in the system buildpack priority when Java Buildpack versions 2.0 through 3.4 were present."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://pivotal.io/security/cve-2016-0715",
              "refsource": "CONFIRM",
              "url": "https://pivotal.io/security/cve-2016-0715"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-0715",
    "datePublished": "2018-09-11T17:00:00Z",
    "dateReserved": "2015-12-16T00:00:00",
    "dateUpdated": "2024-09-16T16:48:30.435Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"1.4.0\", \"versionEndIncluding\": \"1.4.5\", \"matchCriteriaId\": \"61E71217-AE50-4073-8B25-555BE399AB4C\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"1.5.0\", \"versionEndIncluding\": \"1.5.11\", \"matchCriteriaId\": \"A6B65F98-7509-4CA9-9692-CAA75ADE6ECC\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"1.6.0\", \"versionEndIncluding\": \"1.6.11\", \"matchCriteriaId\": \"FD0DD97E-27F9-4C12-9FFE-A5C6C0A09473\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Pivotal Cloud Foundry Elastic Runtime version 1.4.0 through 1.4.5, 1.5.0 through 1.5.11 and 1.6.0 through 1.6.11 is vulnerable to a remote information disclosure. It was found that original mitigation configuration instructions provided as part of CVE-2016-0708 were incomplete and could leave PHP Buildpack, Staticfile Buildpack and potentially other custom Buildpack applications vulnerable to remote information disclosure. Affected applications use automated buildpack detection, serve files directly from the root of the application and have a buildpack that matched after the Java Buildpack in the system buildpack priority when Java Buildpack versions 2.0 through 3.4 were present.\"}, {\"lang\": \"es\", \"value\": \"Pivotal Cloud Foundry Elastic Runtime, desde la versi\\u00f3n 1.4.0 hasta la 1.4.5, de la 1.5.0 hasta la 1.5.11 y desde la versi\\u00f3n 1.6.0 hasta la 1.6.11 es vulnerable a una divulgaci\\u00f3n de informaci\\u00f3n remota. Se ha detectado que las instrucciones originales de configuraci\\u00f3n de la mitigaci\\u00f3n que se proporcionaron como parte de CVE-2016-0708 estaban incompletas y podr\\u00edan hacer que PHP Buildpack, Staticfile Buildpack y, probablemente, otras aplicaciones Buildpack personalizadas sean vulnerables a la divulgaci\\u00f3n de informaci\\u00f3n remota. Las aplicaciones afectadas emplean la detecci\\u00f3n automatizada de buildpack, sirven archivos directamente desde el root de la aplicaci\\u00f3n y tienen un buildpack que coincid\\u00eda con el Java Buildpack en la prioridad del sistema buildpack cuando Java Buildpack estaba presente en versiones desde la2.0 hasta la 3.4.\"}]",
      "id": "CVE-2016-0715",
      "lastModified": "2024-11-21T02:42:14.563",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N\", \"baseScore\": 5.9, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:N/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2018-09-11T17:29:00.223",
      "references": "[{\"url\": \"https://pivotal.io/security/cve-2016-0715\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://pivotal.io/security/cve-2016-0715\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "secalert@redhat.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"secalert@redhat.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-200\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-200\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2016-0715\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2018-09-11T17:29:00.223\",\"lastModified\":\"2024-11-21T02:42:14.563\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Pivotal Cloud Foundry Elastic Runtime version 1.4.0 through 1.4.5, 1.5.0 through 1.5.11 and 1.6.0 through 1.6.11 is vulnerable to a remote information disclosure. It was found that original mitigation configuration instructions provided as part of CVE-2016-0708 were incomplete and could leave PHP Buildpack, Staticfile Buildpack and potentially other custom Buildpack applications vulnerable to remote information disclosure. Affected applications use automated buildpack detection, serve files directly from the root of the application and have a buildpack that matched after the Java Buildpack in the system buildpack priority when Java Buildpack versions 2.0 through 3.4 were present.\"},{\"lang\":\"es\",\"value\":\"Pivotal Cloud Foundry Elastic Runtime, desde la versi\u00f3n 1.4.0 hasta la 1.4.5, de la 1.5.0 hasta la 1.5.11 y desde la versi\u00f3n 1.6.0 hasta la 1.6.11 es vulnerable a una divulgaci\u00f3n de informaci\u00f3n remota. Se ha detectado que las instrucciones originales de configuraci\u00f3n de la mitigaci\u00f3n que se proporcionaron como parte de CVE-2016-0708 estaban incompletas y podr\u00edan hacer que PHP Buildpack, Staticfile Buildpack y, probablemente, otras aplicaciones Buildpack personalizadas sean vulnerables a la divulgaci\u00f3n de informaci\u00f3n remota. Las aplicaciones afectadas emplean la detecci\u00f3n automatizada de buildpack, sirven archivos directamente desde el root de la aplicaci\u00f3n y tienen un buildpack que coincid\u00eda con el Java Buildpack en la prioridad del sistema buildpack cuando Java Buildpack estaba presente en versiones desde la2.0 hasta la 3.4.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:N/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.4.0\",\"versionEndIncluding\":\"1.4.5\",\"matchCriteriaId\":\"61E71217-AE50-4073-8B25-555BE399AB4C\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.5.0\",\"versionEndIncluding\":\"1.5.11\",\"matchCriteriaId\":\"A6B65F98-7509-4CA9-9692-CAA75ADE6ECC\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.6.0\",\"versionEndIncluding\":\"1.6.11\",\"matchCriteriaId\":\"FD0DD97E-27F9-4C12-9FFE-A5C6C0A09473\"}]}]}],\"references\":[{\"url\":\"https://pivotal.io/security/cve-2016-0715\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://pivotal.io/security/cve-2016-0715\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.