Description
Pivotal Cloud Foundry 239 and earlier, UAA (aka User Account and Authentication Server) 3.4.1 and earlier, UAA release 12.2 and earlier, PCF (aka Pivotal Cloud Foundry) Elastic Runtime 1.6.x before 1.6.35, and PCF Elastic Runtime 1.7.x before 1.7.13 does not validate if a certificate is expired.
Remediation
References
https://github.com/cloudfoundry/cf-release/releases/tag/v240
https://github.com/cloudfoundry/uaa/releases/tag/2.7.4.6
https://github.com/cloudfoundry/uaa/releases/tag/3.3.0.3
https://github.com/cloudfoundry/uaa/releases/tag/3.4.2
https://github.com/cloudfoundry/uaa-release/releases/tag/v11.3
https://github.com/cloudfoundry/uaa-release/releases/tag/v12.3
https://pivotal.io/security/cve-2016-5016
Related Vulnerabilities
CVE-2021-46363 Vulnerability in maven package info.magnolia:magnolia-core
CVE-2022-34662 Vulnerability in maven package org.apache.dolphinscheduler:dolphinscheduler-api
CVE-2019-10759 Vulnerability in maven package org.webjars.npm:safer-eval
CVE-2020-2299 Vulnerability in maven package org.jenkins-ci.plugins:active-directory
CVE-2022-46366 Vulnerability in maven package tapestry:tapestry