fkie_nvd - fkie_cve-2017-4994

FKIE_CVE-2017-4994

Vulnerability from fkie_nvd - Published: 2017-06-13 06:29 - Updated: 2025-04-20 01:37

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Summary

An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v263; UAA release 2.x versions prior to v2.7.4.18, 3.6.x versions prior to v3.6.12, 3.9.x versions prior to v3.9.14, and other versions prior to v4.3.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.16, 24.x versions prior to v24.11, 30.x versions prior to 30.4, and other versions prior to v40. There was an issue with forwarded http headers in UAA that could result in account corruption.

References

	URL	Tags
	security_alert@emc.com	https://www.cloudfoundry.org/cve-2017-4994/	Mitigation, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.cloudfoundry.org/cve-2017-4994/	Mitigation, Vendor Advisory

Impacted products

Vendor	Product	Version
cloudfoundry	cloud_foundry_uaa_bosh	*
cloudfoundry	cloud_foundry_uaa_bosh	13.1
cloudfoundry	cloud_foundry_uaa_bosh	13.2
cloudfoundry	cloud_foundry_uaa_bosh	13.3
cloudfoundry	cloud_foundry_uaa_bosh	13.4
cloudfoundry	cloud_foundry_uaa_bosh	13.5
cloudfoundry	cloud_foundry_uaa_bosh	13.6
cloudfoundry	cloud_foundry_uaa_bosh	13.7
cloudfoundry	cloud_foundry_uaa_bosh	13.8
cloudfoundry	cloud_foundry_uaa_bosh	13.9
cloudfoundry	cloud_foundry_uaa_bosh	13.10
cloudfoundry	cloud_foundry_uaa_bosh	13.11
cloudfoundry	cloud_foundry_uaa_bosh	13.12
cloudfoundry	cloud_foundry_uaa_bosh	13.13
cloudfoundry	cloud_foundry_uaa_bosh	13.14
cloudfoundry	cloud_foundry_uaa_bosh	13.15
cloudfoundry	cloud_foundry_uaa_bosh	24
cloudfoundry	cloud_foundry_uaa_bosh	24.1
cloudfoundry	cloud_foundry_uaa_bosh	24.2
cloudfoundry	cloud_foundry_uaa_bosh	24.3
cloudfoundry	cloud_foundry_uaa_bosh	24.4
cloudfoundry	cloud_foundry_uaa_bosh	24.5
cloudfoundry	cloud_foundry_uaa_bosh	24.6
cloudfoundry	cloud_foundry_uaa_bosh	24.7
cloudfoundry	cloud_foundry_uaa_bosh	24.8
cloudfoundry	cloud_foundry_uaa_bosh	24.9
cloudfoundry	cloud_foundry_uaa_bosh	24.10
cloudfoundry	cloud_foundry_uaa_bosh	30
cloudfoundry	cloud_foundry_uaa_bosh	30.1
cloudfoundry	cloud_foundry_uaa_bosh	30.2
cloudfoundry	cloud_foundry_uaa_bosh	30.3
pivotal_software	cloud_foundry_cf	*
pivotal_software	cloud_foundry_uaa	*
pivotal_software	cloud_foundry_uaa	2.2.5.4
pivotal_software	cloud_foundry_uaa	2.7.1
pivotal_software	cloud_foundry_uaa	2.7.2
pivotal_software	cloud_foundry_uaa	2.7.3
pivotal_software	cloud_foundry_uaa	2.7.4
pivotal_software	cloud_foundry_uaa	2.7.4.1
pivotal_software	cloud_foundry_uaa	2.7.4.2
pivotal_software	cloud_foundry_uaa	2.7.4.3
pivotal_software	cloud_foundry_uaa	2.7.4.4
pivotal_software	cloud_foundry_uaa	2.7.4.5
pivotal_software	cloud_foundry_uaa	2.7.4.6
pivotal_software	cloud_foundry_uaa	2.7.4.7
pivotal_software	cloud_foundry_uaa	2.7.4.8
pivotal_software	cloud_foundry_uaa	2.7.4.9
pivotal_software	cloud_foundry_uaa	2.7.4.11
pivotal_software	cloud_foundry_uaa	2.7.4.12
pivotal_software	cloud_foundry_uaa	2.7.4.13
pivotal_software	cloud_foundry_uaa	2.7.4.14
pivotal_software	cloud_foundry_uaa	2.7.4.15
pivotal_software	cloud_foundry_uaa	2.7.4.16
pivotal_software	cloud_foundry_uaa	2.7.4.17
pivotal_software	cloud_foundry_uaa	3.6.1
pivotal_software	cloud_foundry_uaa	3.6.2
pivotal_software	cloud_foundry_uaa	3.6.3
pivotal_software	cloud_foundry_uaa	3.6.4
pivotal_software	cloud_foundry_uaa	3.6.5
pivotal_software	cloud_foundry_uaa	3.6.6
pivotal_software	cloud_foundry_uaa	3.6.7
pivotal_software	cloud_foundry_uaa	3.6.8
pivotal_software	cloud_foundry_uaa	3.6.9
pivotal_software	cloud_foundry_uaa	3.6.10
pivotal_software	cloud_foundry_uaa	3.6.11
pivotal_software	cloud_foundry_uaa	3.9.1
pivotal_software	cloud_foundry_uaa	3.9.2
pivotal_software	cloud_foundry_uaa	3.9.3
pivotal_software	cloud_foundry_uaa	3.9.4
pivotal_software	cloud_foundry_uaa	3.9.5
pivotal_software	cloud_foundry_uaa	3.9.6
pivotal_software	cloud_foundry_uaa	3.9.7
pivotal_software	cloud_foundry_uaa	3.9.8
pivotal_software	cloud_foundry_uaa	3.9.9
pivotal_software	cloud_foundry_uaa	3.9.10
pivotal_software	cloud_foundry_uaa	3.9.11
pivotal_software	cloud_foundry_uaa	3.9.12
pivotal_software	cloud_foundry_uaa	3.9.13

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "641CFBD1-D8D0-4F7E-BAFD-59A51F3FD353",
              "versionEndIncluding": "39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C24E2CE5-6DBA-4B45-951D-0F7189C9A94D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0EB01AB-A033-4DCC-B433-0674078E31DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "749B1CBF-6297-4F4D-970D-25D1D0A88AE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C369E22-27DF-40B3-B94F-45DFC47E6A60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "15A2FE05-FC02-4FC1-B9B3-40E4EC62C5D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A4975D0-2C4D-4883-A849-D434FB8A7E2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E85B347-27E2-4EF9-9CF0-13902EC4741D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "93081AC1-C07E-4E6D-8B1E-8D561461FEB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4F6208B-7FA5-4177-8942-2037BEE99546",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD8DA4C6-BCA9-4959-82FC-2596C6EBD6E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8120A442-6A3D-4918-A829-A84B2B9694E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D7AF658-FFBB-49AB-8A44-9989A7FEC707",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC42F184-AFEC-4992-BFEF-B410CDF1452A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "147C8C7B-F6C6-4338-A181-BF450C53C14B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "555B74DE-E5D6-493B-96B4-87C636104B64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24:*:*:*:*:*:*:*",
              "matchCriteriaId": "A090F790-1A28-4238-8727-3F9475706A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEFE0727-C152-4726-A70E-C75BACD31071",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "38D708B8-485D-445E-8A21-474A500F1184",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4B8A221-8740-4D35-871D-EABDB2F8332D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A426C1DD-0C64-468A-B96E-B0B94FFF0A89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEFEEACE-5BED-4507-A770-69D36F478791",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "860B073C-AC50-473C-9650-7421F3638FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B44C3F2-5AC4-4D05-BAF0-EFDFB3FDC3BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2BBC265-7026-469B-BB30-D7DB7A334A65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "08E99F4C-6BB5-415E-A5F3-285A3219EEF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "03E24F1B-C999-4C02-BFDD-00F1E2A53E45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:30:*:*:*:*:*:*:*",
              "matchCriteriaId": "75D365CB-5BDA-4387-AA3E-2F02B552162F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:30.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E80E3184-345D-4C78-ABAA-94B3D9A53252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:30.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F654A04-B949-415D-982A-7341486B2B01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:30.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEF9F58F-1387-4D84-932F-8CC8F380E797",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_cf:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFB1693A-98D4-47AB-ADD3-A8412AD24F7E",
              "versionEndIncluding": "262",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF552C5A-2298-43F4-AF70-20E9E4B402D4",
              "versionEndIncluding": "4.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.2.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "942E59F5-172F-4802-81AE-D43E72189889",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACFDEF8D-9BE5-43ED-8E1D-2B63A1294EDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "504AA7E0-D1F5-4097-B53B-F0E36328B1EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0DCD6CB7-5D49-4897-8353-44E5B08D9375",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1B4C4EB-3337-4053-BA4B-93A849263A42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9339A684-B1F0-4110-9E48-A04BED74DC2C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F35CCB74-63A3-4F95-9EAE-ADC5A8BACB99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2A1BAE9-FCB6-458E-A1A6-03F0AB742E5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2261C887-8179-4BBA-A2CF-174F8F3017FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EED2616-E58D-4604-BBBC-AC24BCA068A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "916733EA-F51A-49E2-9D47-9B713B36C847",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA1887F9-EB71-41AE-9E45-DD86A54AA958",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7D01A32-98DA-4F7F-B7A0-D1695478C208",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C57AACB-1ECA-4047-A8AA-D768DA54BB86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D164FF1-D85D-4800-A726-465A32974BEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CAC5B15-895E-43CA-AFE1-EE7E06EF08D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "10286C78-A413-4FD3-B7F7-39C17A50D75C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D022F9B-4877-4A97-AE22-BAF579B38DE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "87D2BF0D-963C-430F-A4FE-F452F15035BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D8C3C5E-E942-483A-A914-CC57DDCB6EAB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D1773D7-B165-414D-9374-9AC8401CE461",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D741750F-DC85-4701-90F7-4AE00DB04B0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E126E318-6572-4BC3-8FA4-835AC49432C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A5B622B-C14C-4160-ACFD-CD2AB3786828",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBE0A85A-5B1A-49E0-8FC7-4A68505B6506",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8E3CEAB-E58E-4870-A719-F46D6DE2E710",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DEDD149-4BBB-47A1-8E23-2247DCF9C13C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "225B90A0-757D-4406-9EC1-A31968CC7F87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC8157B8-A26B-4148-A02A-DBEC662FE701",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F74AEAE-D823-4B1A-9979-0739F6BA17CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "21FC35CD-79D1-4279-B719-6398C6636113",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "5053FDB3-E711-434A-A6A6-4C580A2FF43A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6955DB34-FA12-41A6-A90F-456777ADEB81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B92D875-509C-42BE-90E4-112C94170199",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "166C908D-7D5F-43DD-B3EA-BAFF23DBBDAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B83917A-D326-4874-AD82-0DBD131DC0EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5C19F44-AB0F-44BB-A298-F81B853FA71D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B981590F-0649-4BBA-AB5F-CC5C7858DFF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A36B9F9-6D45-4D84-869A-25131BF482BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "FADC5C69-1910-4D19-97B2-B44A594B8B34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5314895-961D-4D2B-A0C9-1B23C03317CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA5A5B1C-7111-464E-9F49-D13621233AC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A6E52B8-7635-4376-AFAD-935DB44B923C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "C97CB502-CE1E-4B63-88D0-7A826C825B84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F3AAD33-275B-4FF1-9434-BEE85543F7B3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v263; UAA release 2.x versions prior to v2.7.4.18, 3.6.x versions prior to v3.6.12, 3.9.x versions prior to v3.9.14, and other versions prior to v4.3.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.16, 24.x versions prior to v24.11, 30.x versions prior to 30.4, and other versions prior to v40. There was an issue with forwarded http headers in UAA that could result in account corruption."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema en cf-release versiones anteriores a 263; UAA release versiones 2.x anteriores a 2.7.4.18, versiones 3.6.x anteriores a 3.6.12, versiones 3.9.x anteriores a 3.9.14, y otras versiones anteriores a 4.3.0; y UAA bosh release (uaa-release) versiones 13.x anteriores a 13.16, versiones 24.x anteriores a 24.11, versiones 30.x anteriores a 30.4 y otras versiones anteriores a 40 de Cloud Foundry Foundation. Se present\u00f3 un problema con los encabezados http reenviados en UAA que podr\u00eda resultar en corrupci\u00f3n de la cuenta."
    }
  ],
  "id": "CVE-2017-4994",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-06-13T06:29:00.800",
  "references": [
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://www.cloudfoundry.org/cve-2017-4994/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://www.cloudfoundry.org/cve-2017-4994/"
    }
  ],
  "sourceIdentifier": "security_alert@emc.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2017-4994 (GCVE-0-2017-4994)

Vulnerability from cvelistv5 – Published: 2017-06-13 06:00 – Updated: 2024-08-05 14:47

Summary

Severity ?

No CVSS data available.

CWE

Forwarded Headers in UAA

Assigner

dell

References

URL

	Vendor	Product	Version
	n/a	Cloud Foundry	Affected: Cloud Foundry

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

FKIE_CVE-2017-4994

CVE-2017-4994 (GCVE-0-2017-4994)

Tags

Sightings

Nomenclature