Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cloudfoundryCloud FoundryCFOUNDRY:1C50F69A8EF1EEF0D9FE10493A09B273
HistoryJun 13, 2016 - 12:00 a.m.

CVE-2016-4435 BOSH Agent Anonymous Endpoint | Cloud Foundry

2016-06-1300:00:00
Cloud Foundry
www.cloudfoundry.org
40

0.002 Low

EPSS

Percentile

57.1%

JSON

CVE-2016-4435 BOSH Agent Anonymous Endpoint

Medium

Vendor

Cloud Foundry Foundation

Versions Affected

  • BOSH stemcell versions prior to 3232.6 and 3146.13

Description

An endpoint of the Agent running on the BOSH Director VM may allow unauthenticated clients to read or write blobs or cause a denial of service attack on the Director VM. This vulnerability requires that the unauthenticated clients guess or find a URL matching an existing GUID.

Affected Products and Versions

  • BOSH stemcell versions prior to 3232.6 and 3146.13

Mitigation

Users of affected versions should apply the following mitigation:

  • Upgrade BOSH stemcell versions to 3232.6 and 3146.13

Credit

This issue was identified by a VMware team and reported responsibly to the Cloud Foundry Foundation.

References

Related

nvd 1
prion 1
cve 1
cvelist 1
nvd
nvd
CVE-2016-4435
2017-05-25 17:29:00
prion
prion
Code injection
2017-05-25 17:29:00
cve
cve
CVE-2016-4435
2017-05-25 17:29:00
cvelist
cvelist
CVE-2016-4435
2017-05-25 17:00:00

0.002 Low

EPSS

Percentile

57.1%

JSON
Related for CFOUNDRY:1C50F69A8EF1EEF0D9FE10493A09B273
nvd1prion1cve1cvelist1