Risk | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2016-6637 |
CWE-ID | CWE-352 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software |
Pivotal Cloud Foundry Ops Manager
Pivotal Cloud Foundry Elastic Runtime
Cloud Foundry UAA
Bosh Release for the UAA |
Vendor | Cloud Foundry Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU712
Risk: Low
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-6637
CWE-ID:
CWE-352 - Cross-Site Request Forgery (CSRF)
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform actions on behalf of an authenticated user of the target system.
The weakness exists because the UAA profile and approval pages do not protect state-changing requests against cross-site request forgery (CSRF). When a user who is logged in to UAA loads attacker-controlled content in the browser, the browser attaches the victim's session to a request the attacker composed, so the request is processed with the victim's authentication (no credentials are disclosed to the attacker; they are reused).
Successful exploitation allows the attacker to approve or deny a scope on the victim's behalf via the profile or approval page.
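The following Python is an added illustration of the weakness class described above (CWE-352) and is not UAA's code or anything from the Pivotal advisory. It models a scope-approval endpoint twice: once trusting any authenticated POST, as a CSRF-prone handler does, and once with an Origin check plus a session-bound synchronizer token. All names (`approve_scopes_vulnerable`, `approve_scopes_hardened`, `UAA_ORIGIN`, the `Session`/`Request` stand-ins) and the two sample requests are hypothetical and constructed for the demo.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

# Hypothetical names throughout; this models the weakness class, not UAA itself.
SERVER_SECRET = secrets.token_bytes(32)      # per-deployment secret (assumed)
UAA_ORIGIN = "https://login.example.com"     # origin serving the approval page (assumed)


@dataclass
class Session:
    """Authenticated browser session, keyed by the session cookie value."""
    session_id: str
    user: str
    approvals: dict = field(default_factory=dict)   # client_id -> set of approved scopes


@dataclass
class Request:
    """Only the fields the handlers look at."""
    method: str
    headers: dict
    form: dict
    session: Session     # resolved from the cookie the browser attached automatically


def csrf_token_for(session: Session) -> str:
    """Synchronizer token: HMAC of the session id, so another site cannot guess it."""
    return hmac.new(SERVER_SECRET, session.session_id.encode(), hashlib.sha256).hexdigest()


def record_approval(req: Request) -> None:
    client = req.form["client_id"]
    scopes = set(req.form.get("scopes", "").split())
    req.session.approvals.setdefault(client, set()).update(scopes)


def approve_scopes_vulnerable(req: Request) -> bool:
    """Trusts any authenticated POST. A form auto-submitted from another site
    arrives with the victim's cookie, so it is accepted (the CWE-352 pattern)."""
    if req.method != "POST":
        return False
    record_approval(req)
    return True


def approve_scopes_hardened(req: Request) -> bool:
    """Same endpoint with two independent checks a cross-site page cannot satisfy."""
    if req.method != "POST":
        return False
    # 1. Origin check: browsers set Origin on cross-site POSTs and scripts cannot forge it.
    origin = req.headers.get("Origin")
    if origin is not None and origin != UAA_ORIGIN:
        return False
    # 2. Synchronizer token: must equal the one embedded in the genuine approval page.
    supplied = req.form.get("_csrf", "")
    if not hmac.compare_digest(supplied, csrf_token_for(req.session)):
        return False
    record_approval(req)
    return True


def legitimate_request(session: Session) -> Request:
    """Constructed sample: the real approval page submitting to its own origin."""
    return Request("POST", {"Origin": UAA_ORIGIN},
                   {"client_id": "cf", "scopes": "cloud_controller.write",
                    "_csrf": csrf_token_for(session)}, session)


def forged_request(session: Session) -> Request:
    """Constructed sample: an auto-submitting form on attacker.example. The browser
    attaches the victim's session cookie, but the page cannot read the token."""
    return Request("POST", {"Origin": "https://attacker.example"},
                   {"client_id": "evil-client", "scopes": "cloud_controller.admin"}, session)


def demo() -> dict:
    victim = Session(session_id=secrets.token_hex(16), user="alice")
    return {
        "vulnerable_accepts_forged": approve_scopes_vulnerable(forged_request(victim)),
        "hardened_rejects_forged": not approve_scopes_hardened(forged_request(victim)),
        "hardened_accepts_legit": approve_scopes_hardened(legitimate_request(victim)),
    }


if __name__ == "__main__":
    print(demo())
```

The two checks are deliberately independent: the Origin header is set by the browser and covers older clients that submit plain forms, while the token covers requests arriving without an Origin header. A handler that implements only one of them is still weaker than one that implements both.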
Remediation
Update Pivotal Cloud Foundry (PCF) UAA 2.x to 2.7.4.7, 3.x to 3.3.0.5, and 3.4.x to 3.4.4.
Update Pivotal Cloud Foundry (PCF) UAA BOSH 11.5 and 12.x to 12.5.
Update Pivotal Cloud Foundry (PCF) Elastic Runtime 1.7.x to 1.7.21, and 1.8.x to 1.8.2.
Update Pivotal Cloud Foundry (PCF) Ops Manager 1.7.x to 1.7.13 and 1.8.x to 1.8.1.
Vulnerable software versions
Pivotal Cloud Foundry Ops Manager: 1.7.0 - 1.8.0
Pivotal Cloud Foundry Elastic Runtime: 1.7.1 - 1.8.1
Cloud Foundry UAA: 2.0 - 2.7
Bosh Release for the UAA: 11.5 - 12.4
External link: http://pivotal.io/security/cve-2016-6637
Q & A
Can this vulnerability be exploited remotely?
Yes. The attacker needs no account on the target system, but the victim must be logged in to UAA and be induced to load attacker-controlled content in the browser.
How the attacker can exploit this vulnerability?
The attacker would have to trick an authenticated victim into visiting a specially crafted web page or following a link that causes the victim's browser to submit a request to the UAA profile or approval page.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.