Vulnerability Description
Cloud Foundry PHP Buildpack (aka php-buildpack) before 4.3.18 and PHP Buildpack Cf-release before 242, as used in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.38 and 1.7.x before 1.7.19 and other products, place the .profile file in the htdocs directory, which might allow remote attackers to obtain sensitive information via an HTTP GET request for this file.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cloudfoundry | Php-Buildpack | <= 4.3.17 |
| Pivotal | Cloud Foundry Elastic Runtime | <= 1.6.37 |
Related Weaknesses (CWE)
References
- https://github.com/cloudfoundry/php-buildpack/commit/e2db3ccd4812e0c0aba20720fc5PatchThird Party Advisory
- https://pivotal.io/security/cve-2016-6639Vendor Advisory
- https://github.com/cloudfoundry/php-buildpack/commit/e2db3ccd4812e0c0aba20720fc5PatchThird Party Advisory
- https://pivotal.io/security/cve-2016-6639Vendor Advisory
FAQ
What is CVE-2016-6639?
CVE-2016-6639 is a vulnerability with a CVSS score of 7.5 (HIGH). Cloud Foundry PHP Buildpack (aka php-buildpack) before 4.3.18 and PHP Buildpack Cf-release before 242, as used in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.38 and 1.7.x before 1.7.19 and ...
How severe is CVE-2016-6639?
CVE-2016-6639 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-6639?
Check the references section above for vendor advisories and patch information. Affected products include: Cloudfoundry Php-Buildpack, Pivotal Cloud Foundry Elastic Runtime.