CVE-2016-0708

 

  • Severity Score: 5.9 (CVSS v3)
  • Public Exploits: 0 (Multiple Sources)
  • Exploited in Wild: - (KEV)
  • Decision: - (SSVC)

Descriptions

Applications deployed to Cloud Foundry, versions v166 through v227, may be vulnerable to a remote disclosure of information, including, but not limited to, environment variables and bound service details. For applications to be vulnerable, they must have been staged using automatic buildpack detection, passed through the Java Buildpack detection script, and allow the serving of static content from within the deployed artifact. With the default Apache Tomcat configuration in the affected Java Buildpack versions, some basic web application archive (WAR) packaged applications are vulnerable to this issue.

*Credits: N/A
CVSS Scores

CVSS v3
  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: None
  • Availability: None

CVSS v2
  • Attack Vector: Network
  • Attack Complexity: Medium
  • Authentication: None
  • Confidentiality: Partial
  • Integrity: None
  • Availability: None

* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2015-12-16 CVE Reserved
  • 2018-07-11 CVE Published
  • 2023-03-07 EPSS Updated
  • 2024-08-05 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (1)
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
Cloudfoundry | Cf-release | >= 166 <= 227 | - | Affected
Cloudfoundry | Java Buildpack | >= 2.0 <= 3.4 | - | Affected