CVE-2016-4435 BOSH Agent Anonymous Endpoint
Medium
Cloud Foundry Foundation
An endpoint of the Agent running on the BOSH Director VM may allow unauthenticated clients to read or write blobs or cause a denial of service attack on the Director VM. This vulnerability requires that the unauthenticated clients guess or find a URL matching an existing GUID.
Users of affected versions should apply the following mitigation:
This issue was identified by a VMware team and reported responsibly to the Cloud Foundry Foundation.