cvelistv5 - cve-2017-4994

CVE-2017-4994 (GCVE-0-2017-4994)

Vulnerability from cvelistv5 – Published: 2017-06-13 06:00 – Updated: 2024-08-05 14:47

Summary

An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v263; UAA release 2.x versions prior to v2.7.4.18, 3.6.x versions prior to v3.6.12, 3.9.x versions prior to v3.9.14, and other versions prior to v4.3.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.16, 24.x versions prior to v24.11, 30.x versions prior to 30.4, and other versions prior to v40. There was an issue with forwarded http headers in UAA that could result in account corruption.

Severity ?

No CVSS data available.

CWE

Forwarded Headers in UAA

Assigner

dell

References

URL

Tags

https://www.cloudfoundry.org/cve-2017-4994/

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	Cloud Foundry	Affected: Cloud Foundry

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:47:43.952Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.cloudfoundry.org/cve-2017-4994/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cloud Foundry",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Cloud Foundry"
            }
          ]
        }
      ],
      "datePublic": "2017-06-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v263; UAA release 2.x versions prior to v2.7.4.18, 3.6.x versions prior to v3.6.12, 3.9.x versions prior to v3.9.14, and other versions prior to v4.3.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.16, 24.x versions prior to v24.11, 30.x versions prior to 30.4, and other versions prior to v40. There was an issue with forwarded http headers in UAA that could result in account corruption."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Forwarded Headers in UAA",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-06-13T05:57:01",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.cloudfoundry.org/cve-2017-4994/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security_alert@emc.com",
          "ID": "CVE-2017-4994",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cloud Foundry",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Cloud Foundry"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v263; UAA release 2.x versions prior to v2.7.4.18, 3.6.x versions prior to v3.6.12, 3.9.x versions prior to v3.9.14, and other versions prior to v4.3.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.16, 24.x versions prior to v24.11, 30.x versions prior to 30.4, and other versions prior to v40. There was an issue with forwarded http headers in UAA that could result in account corruption."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Forwarded Headers in UAA"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.cloudfoundry.org/cve-2017-4994/",
              "refsource": "CONFIRM",
              "url": "https://www.cloudfoundry.org/cve-2017-4994/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2017-4994",
    "datePublished": "2017-06-13T06:00:00",
    "dateReserved": "2016-12-29T00:00:00",
    "dateUpdated": "2024-08-05T14:47:43.952Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"39\", \"matchCriteriaId\": \"641CFBD1-D8D0-4F7E-BAFD-59A51F3FD353\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C24E2CE5-6DBA-4B45-951D-0F7189C9A94D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F0EB01AB-A033-4DCC-B433-0674078E31DA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"749B1CBF-6297-4F4D-970D-25D1D0A88AE3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6C369E22-27DF-40B3-B94F-45DFC47E6A60\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"15A2FE05-FC02-4FC1-B9B3-40E4EC62C5D6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6A4975D0-2C4D-4883-A849-D434FB8A7E2E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6E85B347-27E2-4EF9-9CF0-13902EC4741D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"93081AC1-C07E-4E6D-8B1E-8D561461FEB4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E4F6208B-7FA5-4177-8942-2037BEE99546\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FD8DA4C6-BCA9-4959-82FC-2596C6EBD6E2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8120A442-6A3D-4918-A829-A84B2B9694E4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9D7AF658-FFBB-49AB-8A44-9989A7FEC707\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.13:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BC42F184-AFEC-4992-BFEF-B410CDF1452A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.14:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"147C8C7B-F6C6-4338-A181-BF450C53C14B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.15:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"555B74DE-E5D6-493B-96B4-87C636104B64\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A090F790-1A28-4238-8727-3F9475706A9E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AEFE0727-C152-4726-A70E-C75BACD31071\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"38D708B8-485D-445E-8A21-474A500F1184\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E4B8A221-8740-4D35-871D-EABDB2F8332D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A426C1DD-0C64-468A-B96E-B0B94FFF0A89\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEFEEACE-5BED-4507-A770-69D36F478791\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"860B073C-AC50-473C-9650-7421F3638FB1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1B44C3F2-5AC4-4D05-BAF0-EFDFB3FDC3BC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C2BBC265-7026-469B-BB30-D7DB7A334A65\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"08E99F4C-6BB5-415E-A5F3-285A3219EEF0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"03E24F1B-C999-4C02-BFDD-00F1E2A53E45\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:30:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"75D365CB-5BDA-4387-AA3E-2F02B552162F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:30.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E80E3184-345D-4C78-ABAA-94B3D9A53252\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:30.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5F654A04-B949-415D-982A-7341486B2B01\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:30.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CEF9F58F-1387-4D84-932F-8CC8F380E797\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:cloud_foundry_cf:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"262\", \"matchCriteriaId\": \"DFB1693A-98D4-47AB-ADD3-A8412AD24F7E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"4.2.0\", \"matchCriteriaId\": \"FF552C5A-2298-43F4-AF70-20E9E4B402D4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.2.5.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"942E59F5-172F-4802-81AE-D43E72189889\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ACFDEF8D-9BE5-43ED-8E1D-2B63A1294EDF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"504AA7E0-D1F5-4097-B53B-F0E36328B1EB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0DCD6CB7-5D49-4897-8353-44E5B08D9375\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B1B4C4EB-3337-4053-BA4B-93A849263A42\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9339A684-B1F0-4110-9E48-A04BED74DC2C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F35CCB74-63A3-4F95-9EAE-ADC5A8BACB99\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A2A1BAE9-FCB6-458E-A1A6-03F0AB742E5B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2261C887-8179-4BBA-A2CF-174F8F3017FE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6EED2616-E58D-4604-BBBC-AC24BCA068A7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"916733EA-F51A-49E2-9D47-9B713B36C847\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CA1887F9-EB71-41AE-9E45-DD86A54AA958\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E7D01A32-98DA-4F7F-B7A0-D1695478C208\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4C57AACB-1ECA-4047-A8AA-D768DA54BB86\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6D164FF1-D85D-4800-A726-465A32974BEF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6CAC5B15-895E-43CA-AFE1-EE7E06EF08D2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.13:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"10286C78-A413-4FD3-B7F7-39C17A50D75C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.14:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8D022F9B-4877-4A97-AE22-BAF579B38DE6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.15:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"87D2BF0D-963C-430F-A4FE-F452F15035BE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.16:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6D8C3C5E-E942-483A-A914-CC57DDCB6EAB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.17:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8D1773D7-B165-414D-9374-9AC8401CE461\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D741750F-DC85-4701-90F7-4AE00DB04B0C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E126E318-6572-4BC3-8FA4-835AC49432C8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3A5B622B-C14C-4160-ACFD-CD2AB3786828\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EBE0A85A-5B1A-49E0-8FC7-4A68505B6506\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A8E3CEAB-E58E-4870-A719-F46D6DE2E710\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3DEDD149-4BBB-47A1-8E23-2247DCF9C13C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"225B90A0-757D-4406-9EC1-A31968CC7F87\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FC8157B8-A26B-4148-A02A-DBEC662FE701\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3F74AEAE-D823-4B1A-9979-0739F6BA17CD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"21FC35CD-79D1-4279-B719-6398C6636113\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5053FDB3-E711-434A-A6A6-4C580A2FF43A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6955DB34-FA12-41A6-A90F-456777ADEB81\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5B92D875-509C-42BE-90E4-112C94170199\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"166C908D-7D5F-43DD-B3EA-BAFF23DBBDAC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6B83917A-D326-4874-AD82-0DBD131DC0EC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C5C19F44-AB0F-44BB-A298-F81B853FA71D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B981590F-0649-4BBA-AB5F-CC5C7858DFF7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1A36B9F9-6D45-4D84-869A-25131BF482BD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FADC5C69-1910-4D19-97B2-B44A594B8B34\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B5314895-961D-4D2B-A0C9-1B23C03317CF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DA5A5B1C-7111-464E-9F49-D13621233AC0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1A6E52B8-7635-4376-AFAD-935DB44B923C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C97CB502-CE1E-4B63-88D0-7A826C825B84\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.13:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4F3AAD33-275B-4FF1-9434-BEE85543F7B3\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v263; UAA release 2.x versions prior to v2.7.4.18, 3.6.x versions prior to v3.6.12, 3.9.x versions prior to v3.9.14, and other versions prior to v4.3.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.16, 24.x versions prior to v24.11, 30.x versions prior to 30.4, and other versions prior to v40. There was an issue with forwarded http headers in UAA that could result in account corruption.\"}, {\"lang\": \"es\", \"value\": \"Se detect\\u00f3 un problema en cf-release versiones anteriores a 263; UAA release versiones 2.x anteriores a 2.7.4.18, versiones 3.6.x anteriores a 3.6.12, versiones 3.9.x anteriores a 3.9.14, y otras versiones anteriores a 4.3.0; y UAA bosh release (uaa-release) versiones 13.x anteriores a 13.16, versiones 24.x anteriores a 24.11, versiones 30.x anteriores a 30.4 y otras versiones anteriores a 40 de Cloud Foundry Foundation. Se present\\u00f3 un problema con los encabezados http reenviados en UAA que podr\\u00eda resultar en corrupci\\u00f3n de la cuenta.\"}]",
      "id": "CVE-2017-4994",
      "lastModified": "2024-11-21T03:26:49.473",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:P/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2017-06-13T06:29:00.800",
      "references": "[{\"url\": \"https://www.cloudfoundry.org/cve-2017-4994/\", \"source\": \"security_alert@emc.com\", \"tags\": [\"Mitigation\", \"Vendor Advisory\"]}, {\"url\": \"https://www.cloudfoundry.org/cve-2017-4994/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mitigation\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "security_alert@emc.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-4994\",\"sourceIdentifier\":\"security_alert@emc.com\",\"published\":\"2017-06-13T06:29:00.800\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v263; UAA release 2.x versions prior to v2.7.4.18, 3.6.x versions prior to v3.6.12, 3.9.x versions prior to v3.9.14, and other versions prior to v4.3.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.16, 24.x versions prior to v24.11, 30.x versions prior to 30.4, and other versions prior to v40. There was an issue with forwarded http headers in UAA that could result in account corruption.\"},{\"lang\":\"es\",\"value\":\"Se detect\u00f3 un problema en cf-release versiones anteriores a 263; UAA release versiones 2.x anteriores a 2.7.4.18, versiones 3.6.x anteriores a 3.6.12, versiones 3.9.x anteriores a 3.9.14, y otras versiones anteriores a 4.3.0; y UAA bosh release (uaa-release) versiones 13.x anteriores a 13.16, versiones 24.x anteriores a 24.11, versiones 30.x anteriores a 30.4 y otras versiones anteriores a 40 de Cloud Foundry Foundation. Se present\u00f3 un problema con los encabezados http reenviados en UAA que podr\u00eda resultar en corrupci\u00f3n de la cuenta.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:P/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"39\",\"matchCriteriaId\":\"641CFBD1-D8D0-4F7E-BAFD-59A51F3FD353\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C24E2CE5-6DBA-4B45-951D-0F7189C9A94D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F0EB01AB-A033-4DCC-B433-0674078E31DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"749B1CBF-6297-4F4D-970D-25D1D0A88AE3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6C369E22-27DF-40B3-B94F-45DFC47E6A60\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"15A2FE05-FC02-4FC1-B9B3-40E4EC62C5D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6A4975D0-2C4D-4883-A849-D434FB8A7E2E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E85B347-27E2-4EF9-9CF0-13902EC4741D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"93081AC1-C07E-4E6D-8B1E-8D561461FEB4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E4F6208B-7FA5-4177-8942-2037BEE99546\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FD8DA4C6-BCA9-4959-82FC-2596C6EBD6E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8120A442-6A3D-4918-A829-A84B2B9694E4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9D7AF658-FFBB-49AB-8A44-9989A7FEC707\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BC42F184-AFEC-4992-BFEF-B410CDF1452A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"147C8C7B-F6C6-4338-A181-BF450C53C14B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"555B74DE-E5D6-493B-96B4-87C636104B64\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A090F790-1A28-4238-8727-3F9475706A9E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AEFE0727-C152-4726-A70E-C75BACD31071\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"38D708B8-485D-445E-8A21-474A500F1184\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E4B8A221-8740-4D35-871D-EABDB2F8332D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A426C1DD-0C64-468A-B96E-B0B94FFF0A89\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEFEEACE-5BED-4507-A770-69D36F478791\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"860B073C-AC50-473C-9650-7421F3638FB1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B44C3F2-5AC4-4D05-BAF0-EFDFB3FDC3BC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2BBC265-7026-469B-BB30-D7DB7A334A65\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"08E99F4C-6BB5-415E-A5F3-285A3219EEF0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"03E24F1B-C999-4C02-BFDD-00F1E2A53E45\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"75D365CB-5BDA-4387-AA3E-2F02B552162F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:30.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E80E3184-345D-4C78-ABAA-94B3D9A53252\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:30.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F654A04-B949-415D-982A-7341486B2B01\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:30.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CEF9F58F-1387-4D84-932F-8CC8F380E797\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_cf:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"262\",\"matchCriteriaId\":\"DFB1693A-98D4-47AB-ADD3-A8412AD24F7E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"4.2.0\",\"matchCriteriaId\":\"FF552C5A-2298-43F4-AF70-20E9E4B402D4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.2.5.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"942E59F5-172F-4802-81AE-D43E72189889\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ACFDEF8D-9BE5-43ED-8E1D-2B63A1294EDF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"504AA7E0-D1F5-4097-B53B-F0E36328B1EB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0DCD6CB7-5D49-4897-8353-44E5B08D9375\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B1B4C4EB-3337-4053-BA4B-93A849263A42\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9339A684-B1F0-4110-9E48-A04BED74DC2C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F35CCB74-63A3-4F95-9EAE-ADC5A8BACB99\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2A1BAE9-FCB6-458E-A1A6-03F0AB742E5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2261C887-8179-4BBA-A2CF-174F8F3017FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6EED2616-E58D-4604-BBBC-AC24BCA068A7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"916733EA-F51A-49E2-9D47-9B713B36C847\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA1887F9-EB71-41AE-9E45-DD86A54AA958\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E7D01A32-98DA-4F7F-B7A0-D1695478C208\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4C57AACB-1ECA-4047-A8AA-D768DA54BB86\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D164FF1-D85D-4800-A726-465A32974BEF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6CAC5B15-895E-43CA-AFE1-EE7E06EF08D2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"10286C78-A413-4FD3-B7F7-39C17A50D75C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8D022F9B-4877-4A97-AE22-BAF579B38DE6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"87D2BF0D-963C-430F-A4FE-F452F15035BE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D8C3C5E-E942-483A-A914-CC57DDCB6EAB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8D1773D7-B165-414D-9374-9AC8401CE461\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D741750F-DC85-4701-90F7-4AE00DB04B0C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E126E318-6572-4BC3-8FA4-835AC49432C8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3A5B622B-C14C-4160-ACFD-CD2AB3786828\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EBE0A85A-5B1A-49E0-8FC7-4A68505B6506\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A8E3CEAB-E58E-4870-A719-F46D6DE2E710\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3DEDD149-4BBB-47A1-8E23-2247DCF9C13C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"225B90A0-757D-4406-9EC1-A31968CC7F87\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FC8157B8-A26B-4148-A02A-DBEC662FE701\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3F74AEAE-D823-4B1A-9979-0739F6BA17CD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"21FC35CD-79D1-4279-B719-6398C6636113\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5053FDB3-E711-434A-A6A6-4C580A2FF43A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6955DB34-FA12-41A6-A90F-456777ADEB81\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B92D875-509C-42BE-90E4-112C94170199\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"166C908D-7D5F-43DD-B3EA-BAFF23DBBDAC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B83917A-D326-4874-AD82-0DBD131DC0EC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5C19F44-AB0F-44BB-A298-F81B853FA71D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B981590F-0649-4BBA-AB5F-CC5C7858DFF7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A36B9F9-6D45-4D84-869A-25131BF482BD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FADC5C69-1910-4D19-97B2-B44A594B8B34\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B5314895-961D-4D2B-A0C9-1B23C03317CF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DA5A5B1C-7111-464E-9F49-D13621233AC0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A6E52B8-7635-4376-AFAD-935DB44B923C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C97CB502-CE1E-4B63-88D0-7A826C825B84\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4F3AAD33-275B-4FF1-9434-BEE85543F7B3\"}]}]}],\"references\":[{\"url\":\"https://www.cloudfoundry.org/cve-2017-4994/\",\"source\":\"security_alert@emc.com\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://www.cloudfoundry.org/cve-2017-4994/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]}]}}"
  }
}

CNVD-2017-11427

Vulnerability from cnvd - Published: 2017-06-27

Title

Pivotal Cloud Foundry和UAA拒绝服务漏洞

Description

Pivotal Cloud Foundry（PCF）是美国Pivotal Software公司的产品。PCF是一套开源的平台即服务（PaaS）云计算平台，它提供容器调度、持续交付和自动化服务部署等功能。cf-release是PCF的一个发布版本。UAA是PCF的一个身份验证和管理服务终端。 PCF和UAA中存在安全漏洞。攻击者可借助UAA中已发送的http包头利用该漏洞造成拒绝服务（账户崩溃）。

Severity

中

Patch Name

Pivotal Cloud Foundry和UAA拒绝服务漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://www.cloudfoundry.org/cve-2017-4994/

Reference

https://www.cloudfoundry.org/cve-2017-4994/

Impacted products

Name
['Pivotal Software Cloud Foundry cf-release <263', 'Pivotal Software UAA release 2.，<2.7.4.18', 'Pivotal Software UAA release 3.6.，<3.6.12', 'Pivotal Software UAA release 3.9.，<3.9.14', 'Pivotal Software UAA release <4.3.0', 'Pivotal Software UAA bosh release (uaa-release) 13.，<13.16', 'Pivotal Software UAA bosh release (uaa-release) 24.，<24.11', 'Pivotal Software UAA bosh release (uaa-release) 30.，3.0.4', 'Pivotal Software UAA bosh release (uaa-release) <40']

Name

['Pivotal Software Cloud Foundry cf-release <263', 'Pivotal Software UAA release 2.*，<2.7.4.18', 'Pivotal Software UAA release 3.6.*，<3.6.12', 'Pivotal Software UAA release 3.9.*，<3.9.14', 'Pivotal Software UAA release <4.3.0', 'Pivotal Software UAA bosh release (uaa-release) 13.*，<13.16', 'Pivotal Software UAA bosh release (uaa-release) 24.*，<24.11', 'Pivotal Software UAA bosh release (uaa-release) 30.*，3.0.4', 'Pivotal Software UAA bosh release (uaa-release) <40']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-4994",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-4994"
    }
  },
  "description": "Pivotal Cloud Foundry\uff08PCF\uff09\u662f\u7f8e\u56fdPivotal Software\u516c\u53f8\u7684\u4ea7\u54c1\u3002PCF\u662f\u4e00\u5957\u5f00\u6e90\u7684\u5e73\u53f0\u5373\u670d\u52a1\uff08PaaS\uff09\u4e91\u8ba1\u7b97\u5e73\u53f0\uff0c\u5b83\u63d0\u4f9b\u5bb9\u5668\u8c03\u5ea6\u3001\u6301\u7eed\u4ea4\u4ed8\u548c\u81ea\u52a8\u5316\u670d\u52a1\u90e8\u7f72\u7b49\u529f\u80fd\u3002cf-release\u662fPCF\u7684\u4e00\u4e2a\u53d1\u5e03\u7248\u672c\u3002UAA\u662fPCF\u7684\u4e00\u4e2a\u8eab\u4efd\u9a8c\u8bc1\u548c\u7ba1\u7406\u670d\u52a1\u7ec8\u7aef\u3002\r\n\r\nPCF\u548cUAA\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9UAA\u4e2d\u5df2\u53d1\u9001\u7684http\u5305\u5934\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08\u8d26\u6237\u5d29\u6e83\uff09\u3002",
  "discovererName": "GE Digital Security Team",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www.cloudfoundry.org/cve-2017-4994/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-11427",
  "openTime": "2017-06-27",
  "patchDescription": "Pivotal Cloud Foundry\uff08PCF\uff09\u662f\u7f8e\u56fdPivotal Software\u516c\u53f8\u7684\u4ea7\u54c1\u3002PCF\u662f\u4e00\u5957\u5f00\u6e90\u7684\u5e73\u53f0\u5373\u670d\u52a1\uff08PaaS\uff09\u4e91\u8ba1\u7b97\u5e73\u53f0\uff0c\u5b83\u63d0\u4f9b\u5bb9\u5668\u8c03\u5ea6\u3001\u6301\u7eed\u4ea4\u4ed8\u548c\u81ea\u52a8\u5316\u670d\u52a1\u90e8\u7f72\u7b49\u529f\u80fd\u3002cf-release\u662fPCF\u7684\u4e00\u4e2a\u53d1\u5e03\u7248\u672c\u3002UAA\u662fPCF\u7684\u4e00\u4e2a\u8eab\u4efd\u9a8c\u8bc1\u548c\u7ba1\u7406\u670d\u52a1\u7ec8\u7aef\u3002\r\n\r\nPCF\u548cUAA\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9UAA\u4e2d\u5df2\u53d1\u9001\u7684http\u5305\u5934\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08\u8d26\u6237\u5d29\u6e83\uff09\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Pivotal Cloud Foundry\u548cUAA\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Pivotal Software Cloud Foundry cf-release \u003c263",
      "Pivotal Software UAA release 2.*\uff0c\u003c2.7.4.18",
      "Pivotal Software UAA release 3.6.*\uff0c\u003c3.6.12",
      "Pivotal Software UAA release  3.9.*\uff0c\u003c3.9.14",
      "Pivotal Software UAA release  \u003c4.3.0",
      "Pivotal Software UAA bosh release (uaa-release) 13.*\uff0c\u003c13.16",
      "Pivotal Software UAA bosh release (uaa-release)  24.*\uff0c\u003c24.11",
      "Pivotal Software UAA bosh release (uaa-release)  30.*\uff0c3.0.4",
      "Pivotal Software UAA bosh release (uaa-release)  \u003c40"
    ]
  },
  "referenceLink": "https://www.cloudfoundry.org/cve-2017-4994/",
  "serverity": "\u4e2d",
  "submitTime": "2017-06-16",
  "title": "Pivotal Cloud Foundry\u548cUAA\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}

GHSA-75XV-V35M-F8RH

Vulnerability from github – Published: 2022-05-13 01:07 – Updated: 2025-04-20 03:38

Details

Severity ?

7.5 (High)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-4994"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-06-13T06:29:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v263; UAA release 2.x versions prior to v2.7.4.18, 3.6.x versions prior to v3.6.12, 3.9.x versions prior to v3.9.14, and other versions prior to v4.3.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.16, 24.x versions prior to v24.11, 30.x versions prior to 30.4, and other versions prior to v40. There was an issue with forwarded http headers in UAA that could result in account corruption.",
  "id": "GHSA-75xv-v35m-f8rh",
  "modified": "2025-04-20T03:38:53Z",
  "published": "2022-05-13T01:07:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-4994"
    },
    {
      "type": "WEB",
      "url": "https://www.cloudfoundry.org/cve-2017-4994"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2017-4994

Vulnerability from fkie_nvd - Published: 2017-06-13 06:29 - Updated: 2025-04-20 01:37

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Summary

References

	URL	Tags
	security_alert@emc.com	https://www.cloudfoundry.org/cve-2017-4994/	Mitigation, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.cloudfoundry.org/cve-2017-4994/	Mitigation, Vendor Advisory

Impacted products

Vendor	Product	Version
cloudfoundry	cloud_foundry_uaa_bosh	*
cloudfoundry	cloud_foundry_uaa_bosh	13.1
cloudfoundry	cloud_foundry_uaa_bosh	13.2
cloudfoundry	cloud_foundry_uaa_bosh	13.3
cloudfoundry	cloud_foundry_uaa_bosh	13.4
cloudfoundry	cloud_foundry_uaa_bosh	13.5
cloudfoundry	cloud_foundry_uaa_bosh	13.6
cloudfoundry	cloud_foundry_uaa_bosh	13.7
cloudfoundry	cloud_foundry_uaa_bosh	13.8
cloudfoundry	cloud_foundry_uaa_bosh	13.9
cloudfoundry	cloud_foundry_uaa_bosh	13.10
cloudfoundry	cloud_foundry_uaa_bosh	13.11
cloudfoundry	cloud_foundry_uaa_bosh	13.12
cloudfoundry	cloud_foundry_uaa_bosh	13.13
cloudfoundry	cloud_foundry_uaa_bosh	13.14
cloudfoundry	cloud_foundry_uaa_bosh	13.15
cloudfoundry	cloud_foundry_uaa_bosh	24
cloudfoundry	cloud_foundry_uaa_bosh	24.1
cloudfoundry	cloud_foundry_uaa_bosh	24.2
cloudfoundry	cloud_foundry_uaa_bosh	24.3
cloudfoundry	cloud_foundry_uaa_bosh	24.4
cloudfoundry	cloud_foundry_uaa_bosh	24.5
cloudfoundry	cloud_foundry_uaa_bosh	24.6
cloudfoundry	cloud_foundry_uaa_bosh	24.7
cloudfoundry	cloud_foundry_uaa_bosh	24.8
cloudfoundry	cloud_foundry_uaa_bosh	24.9
cloudfoundry	cloud_foundry_uaa_bosh	24.10
cloudfoundry	cloud_foundry_uaa_bosh	30
cloudfoundry	cloud_foundry_uaa_bosh	30.1
cloudfoundry	cloud_foundry_uaa_bosh	30.2
cloudfoundry	cloud_foundry_uaa_bosh	30.3
pivotal_software	cloud_foundry_cf	*
pivotal_software	cloud_foundry_uaa	*
pivotal_software	cloud_foundry_uaa	2.2.5.4
pivotal_software	cloud_foundry_uaa	2.7.1
pivotal_software	cloud_foundry_uaa	2.7.2
pivotal_software	cloud_foundry_uaa	2.7.3
pivotal_software	cloud_foundry_uaa	2.7.4
pivotal_software	cloud_foundry_uaa	2.7.4.1
pivotal_software	cloud_foundry_uaa	2.7.4.2
pivotal_software	cloud_foundry_uaa	2.7.4.3
pivotal_software	cloud_foundry_uaa	2.7.4.4
pivotal_software	cloud_foundry_uaa	2.7.4.5
pivotal_software	cloud_foundry_uaa	2.7.4.6
pivotal_software	cloud_foundry_uaa	2.7.4.7
pivotal_software	cloud_foundry_uaa	2.7.4.8
pivotal_software	cloud_foundry_uaa	2.7.4.9
pivotal_software	cloud_foundry_uaa	2.7.4.11
pivotal_software	cloud_foundry_uaa	2.7.4.12
pivotal_software	cloud_foundry_uaa	2.7.4.13
pivotal_software	cloud_foundry_uaa	2.7.4.14
pivotal_software	cloud_foundry_uaa	2.7.4.15
pivotal_software	cloud_foundry_uaa	2.7.4.16
pivotal_software	cloud_foundry_uaa	2.7.4.17
pivotal_software	cloud_foundry_uaa	3.6.1
pivotal_software	cloud_foundry_uaa	3.6.2
pivotal_software	cloud_foundry_uaa	3.6.3
pivotal_software	cloud_foundry_uaa	3.6.4
pivotal_software	cloud_foundry_uaa	3.6.5
pivotal_software	cloud_foundry_uaa	3.6.6
pivotal_software	cloud_foundry_uaa	3.6.7
pivotal_software	cloud_foundry_uaa	3.6.8
pivotal_software	cloud_foundry_uaa	3.6.9
pivotal_software	cloud_foundry_uaa	3.6.10
pivotal_software	cloud_foundry_uaa	3.6.11
pivotal_software	cloud_foundry_uaa	3.9.1
pivotal_software	cloud_foundry_uaa	3.9.2
pivotal_software	cloud_foundry_uaa	3.9.3
pivotal_software	cloud_foundry_uaa	3.9.4
pivotal_software	cloud_foundry_uaa	3.9.5
pivotal_software	cloud_foundry_uaa	3.9.6
pivotal_software	cloud_foundry_uaa	3.9.7
pivotal_software	cloud_foundry_uaa	3.9.8
pivotal_software	cloud_foundry_uaa	3.9.9
pivotal_software	cloud_foundry_uaa	3.9.10
pivotal_software	cloud_foundry_uaa	3.9.11
pivotal_software	cloud_foundry_uaa	3.9.12
pivotal_software	cloud_foundry_uaa	3.9.13

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "641CFBD1-D8D0-4F7E-BAFD-59A51F3FD353",
              "versionEndIncluding": "39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C24E2CE5-6DBA-4B45-951D-0F7189C9A94D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0EB01AB-A033-4DCC-B433-0674078E31DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "749B1CBF-6297-4F4D-970D-25D1D0A88AE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C369E22-27DF-40B3-B94F-45DFC47E6A60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "15A2FE05-FC02-4FC1-B9B3-40E4EC62C5D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A4975D0-2C4D-4883-A849-D434FB8A7E2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E85B347-27E2-4EF9-9CF0-13902EC4741D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "93081AC1-C07E-4E6D-8B1E-8D561461FEB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4F6208B-7FA5-4177-8942-2037BEE99546",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD8DA4C6-BCA9-4959-82FC-2596C6EBD6E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8120A442-6A3D-4918-A829-A84B2B9694E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D7AF658-FFBB-49AB-8A44-9989A7FEC707",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC42F184-AFEC-4992-BFEF-B410CDF1452A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "147C8C7B-F6C6-4338-A181-BF450C53C14B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "555B74DE-E5D6-493B-96B4-87C636104B64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24:*:*:*:*:*:*:*",
              "matchCriteriaId": "A090F790-1A28-4238-8727-3F9475706A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEFE0727-C152-4726-A70E-C75BACD31071",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "38D708B8-485D-445E-8A21-474A500F1184",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4B8A221-8740-4D35-871D-EABDB2F8332D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A426C1DD-0C64-468A-B96E-B0B94FFF0A89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEFEEACE-5BED-4507-A770-69D36F478791",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "860B073C-AC50-473C-9650-7421F3638FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B44C3F2-5AC4-4D05-BAF0-EFDFB3FDC3BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2BBC265-7026-469B-BB30-D7DB7A334A65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "08E99F4C-6BB5-415E-A5F3-285A3219EEF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "03E24F1B-C999-4C02-BFDD-00F1E2A53E45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:30:*:*:*:*:*:*:*",
              "matchCriteriaId": "75D365CB-5BDA-4387-AA3E-2F02B552162F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:30.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E80E3184-345D-4C78-ABAA-94B3D9A53252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:30.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F654A04-B949-415D-982A-7341486B2B01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:30.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEF9F58F-1387-4D84-932F-8CC8F380E797",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_cf:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFB1693A-98D4-47AB-ADD3-A8412AD24F7E",
              "versionEndIncluding": "262",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF552C5A-2298-43F4-AF70-20E9E4B402D4",
              "versionEndIncluding": "4.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.2.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "942E59F5-172F-4802-81AE-D43E72189889",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACFDEF8D-9BE5-43ED-8E1D-2B63A1294EDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "504AA7E0-D1F5-4097-B53B-F0E36328B1EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0DCD6CB7-5D49-4897-8353-44E5B08D9375",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1B4C4EB-3337-4053-BA4B-93A849263A42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9339A684-B1F0-4110-9E48-A04BED74DC2C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F35CCB74-63A3-4F95-9EAE-ADC5A8BACB99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2A1BAE9-FCB6-458E-A1A6-03F0AB742E5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2261C887-8179-4BBA-A2CF-174F8F3017FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EED2616-E58D-4604-BBBC-AC24BCA068A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "916733EA-F51A-49E2-9D47-9B713B36C847",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA1887F9-EB71-41AE-9E45-DD86A54AA958",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7D01A32-98DA-4F7F-B7A0-D1695478C208",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C57AACB-1ECA-4047-A8AA-D768DA54BB86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D164FF1-D85D-4800-A726-465A32974BEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CAC5B15-895E-43CA-AFE1-EE7E06EF08D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "10286C78-A413-4FD3-B7F7-39C17A50D75C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D022F9B-4877-4A97-AE22-BAF579B38DE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "87D2BF0D-963C-430F-A4FE-F452F15035BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D8C3C5E-E942-483A-A914-CC57DDCB6EAB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D1773D7-B165-414D-9374-9AC8401CE461",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D741750F-DC85-4701-90F7-4AE00DB04B0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E126E318-6572-4BC3-8FA4-835AC49432C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A5B622B-C14C-4160-ACFD-CD2AB3786828",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBE0A85A-5B1A-49E0-8FC7-4A68505B6506",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8E3CEAB-E58E-4870-A719-F46D6DE2E710",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DEDD149-4BBB-47A1-8E23-2247DCF9C13C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "225B90A0-757D-4406-9EC1-A31968CC7F87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC8157B8-A26B-4148-A02A-DBEC662FE701",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F74AEAE-D823-4B1A-9979-0739F6BA17CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "21FC35CD-79D1-4279-B719-6398C6636113",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "5053FDB3-E711-434A-A6A6-4C580A2FF43A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6955DB34-FA12-41A6-A90F-456777ADEB81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B92D875-509C-42BE-90E4-112C94170199",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "166C908D-7D5F-43DD-B3EA-BAFF23DBBDAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B83917A-D326-4874-AD82-0DBD131DC0EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5C19F44-AB0F-44BB-A298-F81B853FA71D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B981590F-0649-4BBA-AB5F-CC5C7858DFF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A36B9F9-6D45-4D84-869A-25131BF482BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "FADC5C69-1910-4D19-97B2-B44A594B8B34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5314895-961D-4D2B-A0C9-1B23C03317CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA5A5B1C-7111-464E-9F49-D13621233AC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A6E52B8-7635-4376-AFAD-935DB44B923C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "C97CB502-CE1E-4B63-88D0-7A826C825B84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F3AAD33-275B-4FF1-9434-BEE85543F7B3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v263; UAA release 2.x versions prior to v2.7.4.18, 3.6.x versions prior to v3.6.12, 3.9.x versions prior to v3.9.14, and other versions prior to v4.3.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.16, 24.x versions prior to v24.11, 30.x versions prior to 30.4, and other versions prior to v40. There was an issue with forwarded http headers in UAA that could result in account corruption."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema en cf-release versiones anteriores a 263; UAA release versiones 2.x anteriores a 2.7.4.18, versiones 3.6.x anteriores a 3.6.12, versiones 3.9.x anteriores a 3.9.14, y otras versiones anteriores a 4.3.0; y UAA bosh release (uaa-release) versiones 13.x anteriores a 13.16, versiones 24.x anteriores a 24.11, versiones 30.x anteriores a 30.4 y otras versiones anteriores a 40 de Cloud Foundry Foundation. Se present\u00f3 un problema con los encabezados http reenviados en UAA que podr\u00eda resultar en corrupci\u00f3n de la cuenta."
    }
  ],
  "id": "CVE-2017-4994",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-06-13T06:29:00.800",
  "references": [
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://www.cloudfoundry.org/cve-2017-4994/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://www.cloudfoundry.org/cve-2017-4994/"
    }
  ],
  "sourceIdentifier": "security_alert@emc.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2017-4994

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-4994

Aliases

CVE-2017-4994

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-4994",
    "description": "An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v263; UAA release 2.x versions prior to v2.7.4.18, 3.6.x versions prior to v3.6.12, 3.9.x versions prior to v3.9.14, and other versions prior to v4.3.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.16, 24.x versions prior to v24.11, 30.x versions prior to 30.4, and other versions prior to v40. There was an issue with forwarded http headers in UAA that could result in account corruption.",
    "id": "GSD-2017-4994"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-4994"
      ],
      "details": "An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v263; UAA release 2.x versions prior to v2.7.4.18, 3.6.x versions prior to v3.6.12, 3.9.x versions prior to v3.9.14, and other versions prior to v4.3.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.16, 24.x versions prior to v24.11, 30.x versions prior to 30.4, and other versions prior to v40. There was an issue with forwarded http headers in UAA that could result in account corruption.",
      "id": "GSD-2017-4994",
      "modified": "2023-12-13T01:21:02.860140Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security_alert@emc.com",
        "ID": "CVE-2017-4994",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Cloud Foundry",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Cloud Foundry"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v263; UAA release 2.x versions prior to v2.7.4.18, 3.6.x versions prior to v3.6.12, 3.9.x versions prior to v3.9.14, and other versions prior to v4.3.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.16, 24.x versions prior to v24.11, 30.x versions prior to 30.4, and other versions prior to v40. There was an issue with forwarded http headers in UAA that could result in account corruption."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Forwarded Headers in UAA"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.cloudfoundry.org/cve-2017-4994/",
            "refsource": "CONFIRM",
            "url": "https://www.cloudfoundry.org/cve-2017-4994/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "39",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:30:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_cf:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "262",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.2.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:30.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:30.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:30.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.2.5.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@dell.com",
          "ID": "CVE-2017-4994"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v263; UAA release 2.x versions prior to v2.7.4.18, 3.6.x versions prior to v3.6.12, 3.9.x versions prior to v3.9.14, and other versions prior to v4.3.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.16, 24.x versions prior to v24.11, 30.x versions prior to 30.4, and other versions prior to v40. There was an issue with forwarded http headers in UAA that could result in account corruption."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.cloudfoundry.org/cve-2017-4994/",
              "refsource": "CONFIRM",
              "tags": [
                "Mitigation",
                "Vendor Advisory"
              ],
              "url": "https://www.cloudfoundry.org/cve-2017-4994/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2021-08-06T13:07Z",
      "publishedDate": "2017-06-13T06:29Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-4994 (GCVE-0-2017-4994)

CNVD-2017-11427

GHSA-75XV-V35M-F8RH

FKIE_CVE-2017-4994

GSD-2017-4994

Tags

Sightings

Nomenclature