CVE-2017-4960
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
10/03/2017
Last modified:
20/04/2025
Description
An issue was discovered in Cloud Foundry release v247 through v252, UAA stand-alone release v3.9.0 through v3.11.0, and UAA Bosh Release v21 through v26. There is a potential to subject the UAA OAuth clients to a denial of service attack.
Impact
Base Score 3.x
7.50
Severity 3.x
HIGH
Base Score 2.0
5.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:21:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:22:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:23:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.4:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.5:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.6:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:25:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:26:*:*:*:*:*:*:* | ||
| cpe:2.3:a:pivotal_software:cloud_foundry:247.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:pivotal_software:cloud_foundry:248.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:pivotal_software:cloud_foundry:249.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page