What is CVE-2016-0715?

CVE-2016-0715 is a vulnerability that allows for remote information disclosure in Pivotal Cloud Foundry Elastic Runtime versions 1.4.0 through 1.4.5, 1.5.0 through 1.5.11, and 1.6.0 through 1.6.11.

How severe is CVE-2016-0715?

CVE-2016-0715 has a severity rating of medium with a CVSS score of 5.9.

What software is affected by CVE-2016-0715?

Pivotal Cloud Foundry Elastic Runtime versions 1.4.0 through 1.4.5, 1.5.0 through 1.5.11, and 1.6.0 through 1.6.11 are affected by CVE-2016-0715.

How can I fix CVE-2016-0715?

To fix CVE-2016-0715, it is recommended to update Pivotal Cloud Foundry Elastic Runtime to a version that is not affected by the vulnerability.

Where can I find more information about CVE-2016-0715?

More information about CVE-2016-0715 can be found at the following reference: https://pivotal.io/security/cve-2016-0715.

Vulnerability/
CVE-2016-0715

medium

5.9

CWE

200

11/9/2018

16/9/2024

CVE-2016-0715: Infoleak

First published: Tue Sep 11 2018(Updated: )

Pivotal Cloud Foundry Elastic Runtime version 1.4.0 through 1.4.5, 1.5.0 through 1.5.11 and 1.6.0 through 1.6.11 is vulnerable to a remote information disclosure. It was found that original mitigation configuration instructions provided as part of CVE-2016-0708 were incomplete and could leave PHP Buildpack, Staticfile Buildpack and potentially other custom Buildpack applications vulnerable to remote information disclosure. Affected applications use automated buildpack detection, serve files directly from the root of the application and have a buildpack that matched after the Java Buildpack in the system buildpack priority when Java Buildpack versions 2.0 through 3.4 were present.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
Pivotal Software Cloud Foundry Elastic Runtime	>=1.4.0<=1.4.5
Pivotal Software Cloud Foundry Elastic Runtime	>=1.5.0<=1.5.11
Pivotal Software Cloud Foundry Elastic Runtime	>=1.6.0<=1.6.11

Never miss a vulnerability like this again

Reference Links

https://pivotal.io/security/cve-2016-0715

Frequently Asked Questions

What is CVE-2016-0715?
CVE-2016-0715 is a vulnerability that allows for remote information disclosure in Pivotal Cloud Foundry Elastic Runtime versions 1.4.0 through 1.4.5, 1.5.0 through 1.5.11, and 1.6.0 through 1.6.11.
How severe is CVE-2016-0715?
CVE-2016-0715 has a severity rating of medium with a CVSS score of 5.9.
What software is affected by CVE-2016-0715?
Pivotal Cloud Foundry Elastic Runtime versions 1.4.0 through 1.4.5, 1.5.0 through 1.5.11, and 1.6.0 through 1.6.11 are affected by CVE-2016-0715.
How can I fix CVE-2016-0715?
To fix CVE-2016-0715, it is recommended to update Pivotal Cloud Foundry Elastic Runtime to a version that is not affected by the vulnerability.
Where can I find more information about CVE-2016-0715?
More information about CVE-2016-0715 can be found at the following reference: https://pivotal.io/security/cve-2016-0715.

collector/nvd-index
agent/references
agent/severity
agent/weakness
agent/author
agent/type
agent/tags
agent/event
agent/description
agent/last-modified-date
agent/softwarecombine
agent/first-publish-date
collector/mitre-cve
source/MITRE
vendor/pivotal software
canonical/pivotal software cloud foundry elastic runtime
version/pivotal software cloud foundry elastic runtime/1.4.0
version/pivotal software cloud foundry elastic runtime/1.4.5
version/pivotal software cloud foundry elastic runtime/1.5.0
version/pivotal software cloud foundry elastic runtime/1.5.11
version/pivotal software cloud foundry elastic runtime/1.6.0
version/pivotal software cloud foundry elastic runtime/1.6.11

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.