Description
Pivotal Cloud Foundry 239 and earlier, UAA (aka User Account and Authentication Server) 3.4.1 and earlier, UAA release 12.2 and earlier, PCF (aka Pivotal Cloud Foundry) Elastic Runtime 1.6.x before 1.6.35, and PCF Elastic Runtime 1.7.x before 1.7.13 does not validate if a certificate is expired.
Remediation
References
https://github.com/cloudfoundry/cf-release/releases/tag/v240
https://github.com/cloudfoundry/uaa/releases/tag/2.7.4.6
https://github.com/cloudfoundry/uaa/releases/tag/3.3.0.3
https://github.com/cloudfoundry/uaa/releases/tag/3.4.2
https://github.com/cloudfoundry/uaa-release/releases/tag/v11.3
https://github.com/cloudfoundry/uaa-release/releases/tag/v12.3
https://pivotal.io/security/cve-2016-5016
Related Vulnerabilities
CVE-2018-15494 Vulnerability in maven package org.webjars.bowergithub.dojo:dojox
CVE-2021-21304 Vulnerability in npm package dynamoose
CVE-2018-20242 Vulnerability in maven package org.apache.jspwiki:jspwiki-war
CVE-2020-11009 Vulnerability in maven package org.rundeck:rundeck
CVE-2022-21191 Vulnerability in npm package global-modules-path