[Forgot Password]
Login  Register Subscribe

23631

 
 

126951

 
 

99602

 
 

909

 
 

80130

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2017-8037

Date: (C)2017-08-24   (M)2017-12-06 


In Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.38.0 and cf-release versions after v244 and prior to v270, there is an incomplete fix for CVE-2017-8035. If you took steps to remediate CVE-2017-8035 you should also upgrade to fix this CVE. A carefully crafted CAPI request from a Space Developer can allow them to gain access to files on the Cloud Controller VM for that installation, aka an Information Leak / Disclosure.

CVSS Score: 5.0Access Vector: NETWORK
Exploit Score: 10.0Access Complexity: LOW
Impact Score: 2.9Authentication: NONE
 Confidentiality: PARTIAL
 Integrity: NONE
 Availability: NONE





Reference:
https://www.cloudfoundry.org/cve-2017-8037/

CPE    56
cpe:/a:cloudfoundry:capi-release:1.7.0
cpe:/a:cloudfoundry:capi-release:1.8.0
cpe:/a:cloudfoundry:capi-release:1.9.0
cpe:/a:cloudfoundry:capi-release:1.10.0
...
CWE    1
CWE-200

© 2013 SecPod Technologies