Description
Pivotal Cloud Foundry 239 and earlier, UAA (aka User Account and Authentication Server) 3.4.1 and earlier, UAA release 12.2 and earlier, PCF (aka Pivotal Cloud Foundry) Elastic Runtime 1.6.x before 1.6.35, and PCF Elastic Runtime 1.7.x before 1.7.13 does not validate if a certificate is expired.
Remediation
References
https://pivotal.io/security/cve-2016-5016
https://github.com/cloudfoundry/uaa-release/releases/tag/v12.3
https://github.com/cloudfoundry/uaa-release/releases/tag/v11.3
https://github.com/cloudfoundry/uaa/releases/tag/3.4.2
https://github.com/cloudfoundry/uaa/releases/tag/3.3.0.3
https://github.com/cloudfoundry/uaa/releases/tag/2.7.4.6
https://github.com/cloudfoundry/cf-release/releases/tag/v240
Related Vulnerabilities
CVE-2017-8032 Vulnerability in maven package org.cloudfoundry.identity:cloudfoundry-identity-uaa
CVE-2023-33544 Vulnerability in maven package io.hawt:hawtio-system
CVE-2023-2507 Vulnerability in npm package clevertap-cordova
CVE-2022-34870 Vulnerability in maven package org.apache.geode:geode-pulse
CVE-2007-6433 Vulnerability in maven package org.jboss.seam:jboss-seam