VIR Vulnerability Intelligence Relay

CVE-2016-5016

medium
Published 2017-04-24 · Modified 2024-02-28
CVSS v3
5.9
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
CVSS v2
4.3
VIR risk
5.9

Description

Cloud Foundry vulnerable to Improper Certificate Validation

Predictions

Exploit likelihood
69%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — https://pivotal.io/security/cve-2016-5016

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — https://github.com/cloudfoundry/uaa/releases/tag/3.4.2

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — https://github.com/cloudfoundry/uaa/releases/tag/3.3.0.3

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — https://github.com/cloudfoundry/uaa/releases/tag/2.7.4.6

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — https://github.com/cloudfoundry/uaa-release/releases/tag/v12.3

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — https://github.com/cloudfoundry/uaa-release/releases/tag/v11.3

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — https://github.com/cloudfoundry/cf-release/releases/tag/v240

Package impact
EcosystemPackageVulnerableFixed
java Mavenorg.cloudfoundry.identity:cloudfoundry-identity-server>=3.0.0,<3.3.0.33.3.0.3
java Mavenorg.cloudfoundry.identity:cloudfoundry-identity-server>=3.4.0,<3.4.23.4.2

Application impact
VendorProductVersionsFixed
pivotal_softwarecloud_foundry{"endIncluding":"239"}
pivotal_softwarecloud_foundry_elastic_runtime{"startIncluding":"1.6.0","endExcluding":"1.6.35"}1.6.35
pivotal_softwarecloud_foundry_uaa{"endIncluding":"3.4.1"}
pivotal_softwarecloud_foundry_uaa-release{"endIncluding":"12.2"}

References

CWEs

CWE-295

Verify integrity in audit chain (admin only). AS-IS.