CVE-2016-5016

Severity CVSS v4.0:
Pending analysis
Type:
CWE-295 Improper Certificate Validation
Publication date:
24/04/2017
Last modified:
20/04/2025

Description

Pivotal Cloud Foundry 239 and earlier, UAA (aka User Account and Authentication Server) 3.4.1 and earlier, UAA release 12.2 and earlier, PCF (aka Pivotal Cloud Foundry) Elastic Runtime 1.6.x before 1.6.35, and PCF Elastic Runtime 1.7.x before 1.7.13 does not validate if a certificate is expired.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:pivotal_software:cloud_foundry:*:*:*:*:*:*:*:* 239 (including)
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:*:*:*:*:*:*:*:* 1.6.0 (including) 1.6.35 (excluding)
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:*:*:*:*:*:*:*:* 1.7.0 (including) 1.7.13 (excluding)
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:*:*:*:*:*:*:*:* 3.4.1 (including)
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:*:*:*:*:*:*:*:* 12.2 (including)