Pivotal Cloud Foundry 239 and earlier, UAA (aka User Account and Authentication Server) 3.4.1 and earlier, UAA release 12.2 and earlier, PCF (aka Pivotal Cloud Foundry) Elastic Runtime 1.6.x before 1.6.35, and PCF Elastic Runtime 1.7.x before 1.7.13 does not validate if a certificate is expired.
github.com/cloudfoundry/cf-release/releases/tag/v240
github.com/cloudfoundry/uaa-release/releases/tag/v11.3
github.com/cloudfoundry/uaa-release/releases/tag/v12.3
github.com/cloudfoundry/uaa/commit/0a78612f981c541ad2d997e6a365f2a0b3e799d9
github.com/cloudfoundry/uaa/commit/bc91ccd2029e8f1cea0c647f0c9aad4585f7a2c
github.com/cloudfoundry/uaa/commit/f97049df1c6c03effda5049c41704ac831ff3925
github.com/cloudfoundry/uaa/releases/tag/2.7.4.6
github.com/cloudfoundry/uaa/releases/tag/3.3.0.3
github.com/cloudfoundry/uaa/releases/tag/3.4.2
nvd.nist.gov/vuln/detail/CVE-2016-5016
pivotal.io/security/cve-2016-5016