CVE-2016-5016 — MEDIUM (5.9)

Q: How severe is CVE-2016-5016?

CVE-2016-5016 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2016-5016?

Check the references section above for vendor advisories and patch information. Affected products include: Pivotal Software Cloud Foundry, Pivotal Software Cloud Foundry Elastic Runtime, Pivotal Software Cloud Foundry Uaa, Pivotal Software Cloud Foundry Uaa-Release.

Vulnerability Description

Pivotal Cloud Foundry 239 and earlier, UAA (aka User Account and Authentication Server) 3.4.1 and earlier, UAA release 12.2 and earlier, PCF (aka Pivotal Cloud Foundry) Elastic Runtime 1.6.x before 1.6.35, and PCF Elastic Runtime 1.7.x before 1.7.13 does not validate if a certificate is expired.

CVSS Score

5.9

MEDIUM

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Pivotal Software	Cloud Foundry	<= 239
Pivotal Software	Cloud Foundry Elastic Runtime	>= 1.6.0, < 1.6.35
Pivotal Software	Cloud Foundry Uaa	<= 3.4.1
Pivotal Software	Cloud Foundry Uaa-Release	<= 12.2

Related Weaknesses (CWE)

CWE-295

References

https://github.com/cloudfoundry/cf-release/releases/tag/v240Release NotesThird Party Advisory
https://github.com/cloudfoundry/uaa-release/releases/tag/v11.3Release NotesThird Party Advisory
https://github.com/cloudfoundry/uaa-release/releases/tag/v12.3Release NotesThird Party Advisory
https://github.com/cloudfoundry/uaa/releases/tag/2.7.4.6Release NotesThird Party Advisory
https://github.com/cloudfoundry/uaa/releases/tag/3.3.0.3Release NotesThird Party Advisory
https://github.com/cloudfoundry/uaa/releases/tag/3.4.2Release NotesThird Party Advisory
https://pivotal.io/security/cve-2016-5016Vendor Advisory
https://github.com/cloudfoundry/cf-release/releases/tag/v240Release NotesThird Party Advisory
https://github.com/cloudfoundry/uaa-release/releases/tag/v11.3Release NotesThird Party Advisory
https://github.com/cloudfoundry/uaa-release/releases/tag/v12.3Release NotesThird Party Advisory
https://github.com/cloudfoundry/uaa/releases/tag/2.7.4.6Release NotesThird Party Advisory
https://github.com/cloudfoundry/uaa/releases/tag/3.3.0.3Release NotesThird Party Advisory
https://github.com/cloudfoundry/uaa/releases/tag/3.4.2Release NotesThird Party Advisory
https://pivotal.io/security/cve-2016-5016Vendor Advisory

FAQ

What is CVE-2016-5016?

CVE-2016-5016 is a vulnerability with a CVSS score of 5.9 (MEDIUM). Pivotal Cloud Foundry 239 and earlier, UAA (aka User Account and Authentication Server) 3.4.1 and earlier, UAA release 12.2 and earlier, PCF (aka Pivotal Cloud Foundry) Elastic Runtime 1.6.x before 1....

How severe is CVE-2016-5016?

CVE-2016-5016 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-5016?

Check the references section above for vendor advisories and patch information. Affected products include: Pivotal Software Cloud Foundry, Pivotal Software Cloud Foundry Elastic Runtime, Pivotal Software Cloud Foundry Uaa, Pivotal Software Cloud Foundry Uaa-Release.