Description

Pivotal Cloud Foundry 239 and earlier, UAA (aka User Account and Authentication Server) 3.4.1 and earlier, UAA release 12.2 and earlier, PCF (aka Pivotal Cloud Foundry) Elastic Runtime 1.6.x before 1.6.35, and PCF Elastic Runtime 1.7.x before 1.7.13 does not validate if a certificate is expired.

Remediation

References

https://pivotal.io/security/cve-2016-5016

https://github.com/cloudfoundry/uaa-release/releases/tag/v12.3

https://github.com/cloudfoundry/uaa-release/releases/tag/v11.3

https://github.com/cloudfoundry/uaa/releases/tag/3.4.2

https://github.com/cloudfoundry/uaa/releases/tag/3.3.0.3

https://github.com/cloudfoundry/uaa/releases/tag/2.7.4.6

https://github.com/cloudfoundry/cf-release/releases/tag/v240

Related Vulnerabilities

CVE-2023-49447 Vulnerability in maven package com.jfinal:jfinal

CVE-2019-10371 Vulnerability in maven package org.jenkins-ci.plugins:gitlab-oauth

CVE-2023-33008 Vulnerability in maven package org.apache.johnzon:johnzon

CVE-2023-29216 Vulnerability in maven package org.apache.linkis:linkis-common

CVE-2023-45648 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core

Severity

Medium

Classification

CWE-295 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Tags

Vendor Advisory Release Notes Third Party Advisory