
CVE-2016-0715

 

Severity Score: 5.9 (CVSS v3)
Public Exploits: 0 (Multiple Sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)

Descriptions

Pivotal Cloud Foundry Elastic Runtime version 1.4.0 through 1.4.5, 1.5.0 through 1.5.11 and 1.6.0 through 1.6.11 is vulnerable to a remote information disclosure. It was found that original mitigation configuration instructions provided as part of CVE-2016-0708 were incomplete and could leave PHP Buildpack, Staticfile Buildpack and potentially other custom Buildpack applications vulnerable to remote information disclosure. Affected applications use automated buildpack detection, serve files directly from the root of the application and have a buildpack that matched after the Java Buildpack in the system buildpack priority when Java Buildpack versions 2.0 through 3.4 were present.

*Credits: N/A
CVSS Scores
CVSS v3:
  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: None
  • Integrity: High
  • Availability: None
CVSS v2:
  • Attack Vector: Network
  • Attack Complexity: Medium
  • Authentication: None
  • Confidentiality: Partial
  • Integrity: None
  • Availability: None
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
Timeline
  • 2015-12-16 CVE Reserved
  • 2018-09-11 CVE Published
  • 2024-09-16 CVE Updated
  • 2024-09-17 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
Affected Vendors, Products, and Versions

| Vendor | Product | Version | Other | Status |
|---|---|---|---|---|
| Pivotal Software | Cloud Foundry Elastic Runtime | >= 1.4.0 <= 1.4.5 | - | Affected |
| Pivotal Software | Cloud Foundry Elastic Runtime | >= 1.5.0 <= 1.5.11 | - | Affected |
| Pivotal Software | Cloud Foundry Elastic Runtime | >= 1.6.0 <= 1.6.11 | - | Affected |