CVE-2016-0896
Published Sep 18, 2016
Last updated 8 years ago
Overview
- Description
- Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.34 and 1.7.x before 1.7.12 places 169.254.0.0/16 in the all_open Application Security Group, which might allow remote attackers to bypass intended network-connectivity restrictions by leveraging access to the 169.254.169.254 address.
- Source
- security_alert@emc.com
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 7.3
- Impact score
- 3.4
- Exploitability score
- 3.9
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-254
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8D91DEF2-7A58-4C05-BD04-585D0A0A4E2D",
"versionEndIncluding": "1.6.33"
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "85E08C11-76E1-4F91-8061-5DA1BABD8767"
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E3B75A7F-EAAC-4D81-9A10-D8DB45828EC3"
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FA53D5B4-75BF-445F-96AA-4DC308B76E64"
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6DD5D5D9-604D-4917-99D0-1F41784A6835"
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6B2BF60D-EEEE-4F4C-A19F-108C78366089"
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5EED880C-5EF5-4FEA-A4BD-58CA61C12A9C"
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DDA80BA5-66B0-4A6C-B552-175DBB930EB6"
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BCDBAF27-D5DC-4379-A76E-7BD2CD98EB5C"
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D957FD98-C2B4-48C2-81A0-37B2581E9F52"
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.9:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0DADB2DA-A12F-426E-9DEB-3628B081F78D"
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "99C97080-9BD3-4F17-A0E4-80F9F4CD7DB4"
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.11:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E764D26C-D2C4-496C-936F-BF6793BF7C70"
}
],
"operator": "OR"
}
]
}
]