CVE-2016-6639: PHP Buildpack exposes .profile file
Medium
Cloud Foundry Foundation
The .profile file, which can potentially include environment variables and credentials, is exposed by default in the PHP Buildpack. The PHP buildpack prior to v4.3.18 did not actually allow for execution of the .profile file, so it is unlikely that many applications were using it.
Users of affected versions should apply the following mitigation:
Cloud Foundry Buildpacks Team
[1] <https://github.com/cloudfoundry/php-buildpack/releases>
2016-09-07: Initial vulnerability report published