Access bypass in Pivotal Cloud Foundry Elastic Runtime
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2016-6636 |
| CWE-ID | CWE-20 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Pivotal Cloud Foundry Elastic Runtime Client/Desktop applications / Software for archiving Pivotal Cloud Foundry Ops Manager Client/Desktop applications / Software for archiving Cloud Foundry UAA Server applications / Web servers Bosh Release for the UAA Server applications / Virtualization software |
| Vendor | Cloud Foundry Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Access bypass
EUVDB-ID: #VU713
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-6636
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability alows a remote user to obtain implicit access tokens on the target system.
The weakness is caused by incorrect validation of redirect_uri during OAuth authorization flow. By using different request subdomain attackers can get implicit access tokens.
Successful exploitation of the vulnerability allows a malicious user to access implicit tolens on the vulnerable system.
Update Pivotal Cloud Foundry UAA 2.x to 2.7.4.7, 3.x to 3.3.0.5, and 3.4.x to 3.4.4;
Update Pivotal Cloud Foundry UAA BOSH 11.5 and 12.x to 12.5;
Update Pivotal Cloud Foundry Elastic Runtime 1.6.40, 1.7.x to 1.7.21, and 1.8.x to 1.8.1;
Update Pivotal Cloud Foundry Ops Manager 1.7.x to 1.7.13 and 1.8.x to
1.8.1.
Pivotal Cloud Foundry Elastic Runtime: 1.6.40 - 1.8.1
Cloud Foundry UAA: 2.0 - 3.4.4
Pivotal Cloud Foundry Ops Manager: 1.7.0 - 1.8.0
Bosh Release for the UAA: 11.5 - 12.4
CPE2.3- cpe:2.3:a:cloud_foundry_foundation:pivotal_cloud_foundry_elastic_runtime:1.6.40:*:*:*:*:*:*:*
- cpe:2.3:a:cloud_foundry_foundation:pivotal_cloud_foundry_elastic_runtime:1.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:cloud_foundry_foundation:pivotal_cloud_foundry_elastic_runtime:1.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:cloud_foundry_foundation:cloud_foundry_uaa:3.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:cloud_foundry_foundation:cloud_foundry_uaa:3.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:cloud_foundry_foundation:cloud_foundry_uaa:3.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:cloud_foundry_foundation:pivotal_cloud_foundry_ops_manager:1.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:cloud_foundry_foundation:pivotal_cloud_foundry_ops_manager:1.7.12:*:*:*:*:*:*:*
- cpe:2.3:a:cloud_foundry_foundation:pivotal_cloud_foundry_ops_manager:1.7.11:*:*:*:*:*:*:*
- cpe:2.3:a:cloud_foundry_foundation:pivotal_cloud_foundry_uaa_bosh:12.4:*:*:*:*:*:*:*
- cpe:2.3:a:cloud_foundry_foundation:pivotal_cloud_foundry_uaa_bosh:12.3:*:*:*:*:*:*:*
- cpe:2.3:a:cloud_foundry_foundation:pivotal_cloud_foundry_uaa_bosh:12.2:*:*:*:*:*:*:*
http://pivotal.io/security/cve-2016-6636
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to open a a specially crafted archive.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
