CVE-2016-9885
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An issue was discovered in Pivotal GemFire for PCF 1.6.x versions prior to 1.6.5 and 1.7.x versions prior to 1.7.1. The gfsh (Geode Shell) endpoint, used by operators and application developers to connect to their cluster, is unauthenticated and publicly accessible. Because HTTPS communications are terminated at the gorouter, communications from the gorouter to GemFire clusters are unencrypted. An attacker could run any command available on gfsh and could cause denial of service, lost confidentiality of data, escalate privileges, or eavesdrop on other communications between the gorouter and the cluster.
Se descubrió un problema en Pivotal GemFire para PCF 1.6.x versiones previas a 1.6.5 y 1.7.x versiones previas a 1.7.1. El punto final gfsh (Geode Shell), utilizado por operadores y desarrolladores de aplicaciones para conectar a su cluster, no está autenticado y es públicamente accesible. Debido a que las comunicaciones HTTPS terminan en el gorouter, las comunicaciones desde el gorouter a los clusters GemFire no están cifradas. Un atacante podría ejecutar cualquier comando disponible en gfsh y podría provocar denegación de servicio, pérdida de la confidencialidad de los datos, escalar privilegios o escuchar otras comunicaciones entre el gorouter y el cluster.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-12-06 CVE Reserved
- 2017-01-06 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
- CWE-254: 7PK - Security Features
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/95270 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://pivotal.io/security/cve-2016-9885 | 2017-01-11 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Pivotal Software Search vendor "Pivotal Software" | Gemfire For Pivotal Cloud Foundry Search vendor "Pivotal Software" for product "Gemfire For Pivotal Cloud Foundry" | 1.6.0.0 Search vendor "Pivotal Software" for product "Gemfire For Pivotal Cloud Foundry" and version "1.6.0.0" | - |
Affected
| ||||||
| Pivotal Software Search vendor "Pivotal Software" | Gemfire For Pivotal Cloud Foundry Search vendor "Pivotal Software" for product "Gemfire For Pivotal Cloud Foundry" | 1.6.1 Search vendor "Pivotal Software" for product "Gemfire For Pivotal Cloud Foundry" and version "1.6.1" | - |
Affected
| ||||||
| Pivotal Software Search vendor "Pivotal Software" | Gemfire For Pivotal Cloud Foundry Search vendor "Pivotal Software" for product "Gemfire For Pivotal Cloud Foundry" | 1.6.2 Search vendor "Pivotal Software" for product "Gemfire For Pivotal Cloud Foundry" and version "1.6.2" | - |
Affected
| ||||||
| Pivotal Software Search vendor "Pivotal Software" | Gemfire For Pivotal Cloud Foundry Search vendor "Pivotal Software" for product "Gemfire For Pivotal Cloud Foundry" | 1.6.3.0 Search vendor "Pivotal Software" for product "Gemfire For Pivotal Cloud Foundry" and version "1.6.3.0" | - |
Affected
| ||||||
| Pivotal Software Search vendor "Pivotal Software" | Gemfire For Pivotal Cloud Foundry Search vendor "Pivotal Software" for product "Gemfire For Pivotal Cloud Foundry" | 1.6.4.0 Search vendor "Pivotal Software" for product "Gemfire For Pivotal Cloud Foundry" and version "1.6.4.0" | - |
Affected
| ||||||
| Pivotal Software Search vendor "Pivotal Software" | Gemfire For Pivotal Cloud Foundry Search vendor "Pivotal Software" for product "Gemfire For Pivotal Cloud Foundry" | 1.7.0.0 Search vendor "Pivotal Software" for product "Gemfire For Pivotal Cloud Foundry" and version "1.7.0.0" | - |
Affected
| ||||||