Vulnerability Description
Cloud Foundry before 248; UAA 2.x before 2.7.4.12, 3.x before 3.6.5, and 3.7.x through 3.9.x before 3.9.3; and UAA bosh release (aka uaa-release) before 13.9 for UAA 3.6.5 and before 24 for UAA 3.9.3 allow attackers to gain privileges by accessing UAA logs and subsequently running a specially crafted application that interacts with a configured SAML provider.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cloudfoundry | Cloud Foundry Uaa Bosh | <= 23.0 |
| Pivotal Software | Cloud Foundry | <= 247.0 |
| Pivotal Software | Cloud Foundry Uaa | <= 3.9.2 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/95085
- https://www.cloudfoundry.org/cve-2016-6659/Vendor Advisory
- http://www.securityfocus.com/bid/95085
- https://www.cloudfoundry.org/cve-2016-6659/Vendor Advisory
FAQ
What is CVE-2016-6659?
CVE-2016-6659 is a vulnerability with a CVSS score of 8.1 (HIGH). Cloud Foundry before 248; UAA 2.x before 2.7.4.12, 3.x before 3.6.5, and 3.7.x through 3.9.x before 3.9.3; and UAA bosh release (aka uaa-release) before 13.9 for UAA 3.6.5 and before 24 for UAA 3.9.3 ...
How severe is CVE-2016-6659?
CVE-2016-6659 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-6659?
Check the references section above for vendor advisories and patch information. Affected products include: Cloudfoundry Cloud Foundry Uaa Bosh, Pivotal Software Cloud Foundry, Pivotal Software Cloud Foundry Uaa.