Vulnerability Description
Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.34 and 1.7.x before 1.7.12 places 169.254.0.0/16 in the all_open Application Security Group, which might allow remote attackers to bypass intended network-connectivity restrictions by leveraging access to the 169.254.169.254 address.
CVSS Score
7.3 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Pivotal Software | Cloud Foundry Elastic Runtime | <= 1.6.33 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/92161
- https://pivotal.io/security/cve-2016-0896 (Mitigation, Vendor Advisory)
FAQ
What is CVE-2016-0896?
CVE-2016-0896 is a vulnerability with a CVSS score of 7.3 (HIGH). Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.34 and 1.7.x before 1.7.12 places 169.254.0.0/16 in the all_open Application Security Group, which might allow remote attackers to bypass intende...
How severe is CVE-2016-0896?
CVE-2016-0896 has been rated HIGH with a CVSS base score of 7.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2016-0896?
Check the references section above for vendor advisories and patch information. Affected products include: Pivotal Software Cloud Foundry Elastic Runtime.