CVE-2016-6636
First published: Fri Sep 30 2016(Updated: )
The OAuth authorization implementation in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and 3.4.x before 3.4.4; UAA BOSH before 11.5 and 12.x before 12.5; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1.8.1; and Ops Manager 1.7.x before 1.7.13 and 1.8.x before 1.8.1 mishandles redirect_uri subdomains, which allows remote attackers to obtain implicit access tokens via a modified subdomain.
Credit: security_alert@emc.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cloud Foundry UAA | <=12.3 | |
| Cloud Foundry | <=241 | |
| Pivotal Cloud Foundry Elastic Runtime | =1.6.0 | |
| Pivotal Cloud Foundry Elastic Runtime | =1.6.1 | |
| Pivotal Cloud Foundry Elastic Runtime | =1.6.2 | |
| Pivotal Cloud Foundry Elastic Runtime | =1.6.3 | |
| Pivotal Cloud Foundry Elastic Runtime | =1.6.4 | |
| Pivotal Cloud Foundry Elastic Runtime | =1.6.5 | |
| Pivotal Cloud Foundry Elastic Runtime | =1.6.6 | |
| Pivotal Cloud Foundry Elastic Runtime | =1.6.7 | |
| Pivotal Cloud Foundry Elastic Runtime | =1.6.8 | |
| Pivotal Cloud Foundry Elastic Runtime | =1.6.9 | |
| Pivotal Cloud Foundry Elastic Runtime | =1.6.10 | |
| Pivotal Cloud Foundry Elastic Runtime | =1.6.11 | |
| Pivotal Cloud Foundry Elastic Runtime | =1.6.12 | |
| Pivotal Cloud Foundry Elastic Runtime | =1.6.13 | |
| Pivotal Cloud Foundry Elastic Runtime | =1.6.14 | |
| Pivotal Cloud Foundry Elastic Runtime | =1.6.15 | |
| Pivotal Cloud Foundry Elastic Runtime | =1.6.17 | |
| Pivotal Cloud Foundry Elastic Runtime | =1.6.18 | |
| Pivotal Cloud Foundry Elastic Runtime | =1.6.19 | |
| Pivotal Cloud Foundry Elastic Runtime | =1.6.20 | |
| Pivotal Cloud Foundry Elastic Runtime | =1.6.21 | |
| Pivotal Cloud Foundry Elastic Runtime | =1.6.22 | |
| Pivotal Cloud Foundry Elastic Runtime | =1.6.23 | |
| Pivotal Cloud Foundry Elastic Runtime | =1.6.25 | |
| Pivotal Cloud Foundry Elastic Runtime | =1.6.26 | |
| Pivotal Cloud Foundry Elastic Runtime | =1.6.27 | |
| Pivotal Cloud Foundry Elastic Runtime | =1.6.28 | |
| Pivotal Cloud Foundry Elastic Runtime | =1.6.29 | |
| Pivotal Cloud Foundry Elastic Runtime | =1.6.30 | |
| Pivotal Cloud Foundry Elastic Runtime | =1.6.31 | |
| Pivotal Cloud Foundry Elastic Runtime | =1.6.32 | |
| Pivotal Cloud Foundry Elastic Runtime | =1.6.33 | |
| Pivotal Cloud Foundry Elastic Runtime | =1.6.34 | |
| Pivotal Cloud Foundry Elastic Runtime | =1.6.35 | |
| Pivotal Cloud Foundry Elastic Runtime | =1.6.36 | |
| Pivotal Cloud Foundry Elastic Runtime | =1.6.37 | |
| Pivotal Cloud Foundry Elastic Runtime | =1.6.38 | |
| Pivotal Cloud Foundry Elastic Runtime | =1.6.39 | |
| Pivotal Cloud Foundry Elastic Runtime | =1.7.0 | |
| Pivotal Cloud Foundry Elastic Runtime | =1.7.1 | |
| Pivotal Cloud Foundry Elastic Runtime | =1.7.2 | |
| Pivotal Cloud Foundry Elastic Runtime | =1.7.3 | |
| Pivotal Cloud Foundry Elastic Runtime | =1.7.4 | |
| Pivotal Cloud Foundry Elastic Runtime | =1.7.5 | |
| Pivotal Cloud Foundry Elastic Runtime | =1.7.6 | |
| Pivotal Cloud Foundry Elastic Runtime | =1.7.7 | |
| Pivotal Cloud Foundry Elastic Runtime | =1.7.8 | |
| Pivotal Cloud Foundry Elastic Runtime | =1.7.9 | |
| Pivotal Cloud Foundry Elastic Runtime | =1.7.10 | |
| Pivotal Cloud Foundry Elastic Runtime | =1.7.11 | |
| Pivotal Cloud Foundry Elastic Runtime | =1.7.12 | |
| Pivotal Cloud Foundry Elastic Runtime | =1.7.13 | |
| Pivotal Cloud Foundry Elastic Runtime | =1.7.14 | |
| Pivotal Cloud Foundry Elastic Runtime | =1.7.15 | |
| Pivotal Cloud Foundry Elastic Runtime | =1.7.16 | |
| Pivotal Cloud Foundry Elastic Runtime | =1.7.17 | |
| Pivotal Cloud Foundry Elastic Runtime | =1.7.18 | |
| Pivotal Cloud Foundry Elastic Runtime | =1.7.19 | |
| Pivotal Cloud Foundry Elastic Runtime | =1.7.20 | |
| Pivotal Cloud Foundry Elastic Runtime | =1.8.0 | |
| Pivotal Cloud Foundry Ops Manager | =1.7.0 | |
| Pivotal Cloud Foundry Ops Manager | =1.7.1 | |
| Pivotal Cloud Foundry Ops Manager | =1.7.2 | |
| Pivotal Cloud Foundry Ops Manager | =1.7.3 | |
| Pivotal Cloud Foundry Ops Manager | =1.7.4 | |
| Pivotal Cloud Foundry Ops Manager | =1.7.5 | |
| Pivotal Cloud Foundry Ops Manager | =1.7.6 | |
| Pivotal Cloud Foundry Ops Manager | =1.7.7 | |
| Pivotal Cloud Foundry Ops Manager | =1.7.8 | |
| Pivotal Cloud Foundry Ops Manager | =1.7.9 | |
| Pivotal Cloud Foundry Ops Manager | =1.7.10 | |
| Pivotal Cloud Foundry Ops Manager | =1.7.11 | |
| Pivotal Cloud Foundry Ops Manager | =1.7.12 | |
| Pivotal Cloud Foundry Ops Manager | =1.8.0 | |
| Cloud Foundry User Account and Authentication (UAA) | =2.3.0 | |
| Cloud Foundry User Account and Authentication (UAA) | =2.3.1 | |
| Cloud Foundry User Account and Authentication (UAA) | =2.4.0 | |
| Cloud Foundry User Account and Authentication (UAA) | =2.5.1 | |
| Cloud Foundry User Account and Authentication (UAA) | =2.6.1 | |
| Cloud Foundry User Account and Authentication (UAA) | =2.7.0.2 | |
| Cloud Foundry User Account and Authentication (UAA) | =2.7.0.3 | |
| Cloud Foundry User Account and Authentication (UAA) | =2.7.1 | |
| Cloud Foundry User Account and Authentication (UAA) | =2.7.2 | |
| Cloud Foundry User Account and Authentication (UAA) | =2.7.3 | |
| Cloud Foundry User Account and Authentication (UAA) | =2.7.4.6 | |
| Cloud Foundry User Account and Authentication (UAA) | =3.0.0 | |
| Cloud Foundry User Account and Authentication (UAA) | =3.0.1 | |
| Cloud Foundry User Account and Authentication (UAA) | =3.1.0 | |
| Cloud Foundry User Account and Authentication (UAA) | =3.2.0 | |
| Cloud Foundry User Account and Authentication (UAA) | =3.2.1 | |
| Cloud Foundry User Account and Authentication (UAA) | =3.3.0 | |
| Cloud Foundry User Account and Authentication (UAA) | =3.3.0.1 | |
| Cloud Foundry User Account and Authentication (UAA) | =3.4.0 | |
| Cloud Foundry User Account and Authentication (UAA) | =3.4.1 | |
| Cloud Foundry User Account and Authentication (UAA) | =3.4.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2016-6636?
CVE-2016-6636 has been identified as a high severity vulnerability impacting OAuth authorization in various versions of Pivotal Cloud Foundry.
How do I fix CVE-2016-6636?
To fix CVE-2016-6636, upgrade to the latest patched versions of Pivotal Cloud Foundry and associated components listed in the vulnerability details.
What versions are affected by CVE-2016-6636?
CVE-2016-6636 affects specific versions of Pivotal Cloud Foundry, Cloud Foundry UAA, Elastic Runtime, and Ops Manager up to various versions as outlined in the vulnerability report.
What is the impact of CVE-2016-6636?
The impact of CVE-2016-6636 includes potential unauthorized access to sensitive user data due to flawed OAuth authorization implementations.
Is there a workaround for CVE-2016-6636?
There are no official workarounds for CVE-2016-6636; upgrading to the fixed versions is the recommended course of action.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/author
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cloudfoundry
- canonical/cloud foundry uaa
- version/cloud foundry uaa/12.3
- vendor/pivotal software
- canonical/cloud foundry
- version/cloud foundry/241
- canonical/pivotal cloud foundry elastic runtime
- version/pivotal cloud foundry elastic runtime/1.6.0
- version/pivotal cloud foundry elastic runtime/1.6.1
- version/pivotal cloud foundry elastic runtime/1.6.2
- version/pivotal cloud foundry elastic runtime/1.6.3
- version/pivotal cloud foundry elastic runtime/1.6.4
- version/pivotal cloud foundry elastic runtime/1.6.5
- version/pivotal cloud foundry elastic runtime/1.6.6
- version/pivotal cloud foundry elastic runtime/1.6.7
- version/pivotal cloud foundry elastic runtime/1.6.8
- version/pivotal cloud foundry elastic runtime/1.6.9
- version/pivotal cloud foundry elastic runtime/1.6.10
- version/pivotal cloud foundry elastic runtime/1.6.11
- version/pivotal cloud foundry elastic runtime/1.6.12
- version/pivotal cloud foundry elastic runtime/1.6.13
- version/pivotal cloud foundry elastic runtime/1.6.14
- version/pivotal cloud foundry elastic runtime/1.6.15
- version/pivotal cloud foundry elastic runtime/1.6.17
- version/pivotal cloud foundry elastic runtime/1.6.18
- version/pivotal cloud foundry elastic runtime/1.6.19
- version/pivotal cloud foundry elastic runtime/1.6.20
- version/pivotal cloud foundry elastic runtime/1.6.21
- version/pivotal cloud foundry elastic runtime/1.6.22
- version/pivotal cloud foundry elastic runtime/1.6.23
- version/pivotal cloud foundry elastic runtime/1.6.25
- version/pivotal cloud foundry elastic runtime/1.6.26
- version/pivotal cloud foundry elastic runtime/1.6.27
- version/pivotal cloud foundry elastic runtime/1.6.28
- version/pivotal cloud foundry elastic runtime/1.6.29
- version/pivotal cloud foundry elastic runtime/1.6.30
- version/pivotal cloud foundry elastic runtime/1.6.31
- version/pivotal cloud foundry elastic runtime/1.6.32
- version/pivotal cloud foundry elastic runtime/1.6.33
- version/pivotal cloud foundry elastic runtime/1.6.34
- version/pivotal cloud foundry elastic runtime/1.6.35
- version/pivotal cloud foundry elastic runtime/1.6.36
- version/pivotal cloud foundry elastic runtime/1.6.37
- version/pivotal cloud foundry elastic runtime/1.6.38
- version/pivotal cloud foundry elastic runtime/1.6.39
- version/pivotal cloud foundry elastic runtime/1.7.0
- version/pivotal cloud foundry elastic runtime/1.7.1
- version/pivotal cloud foundry elastic runtime/1.7.2
- version/pivotal cloud foundry elastic runtime/1.7.3
- version/pivotal cloud foundry elastic runtime/1.7.4
- version/pivotal cloud foundry elastic runtime/1.7.5
- version/pivotal cloud foundry elastic runtime/1.7.6
- version/pivotal cloud foundry elastic runtime/1.7.7
- version/pivotal cloud foundry elastic runtime/1.7.8
- version/pivotal cloud foundry elastic runtime/1.7.9
- version/pivotal cloud foundry elastic runtime/1.7.10
- version/pivotal cloud foundry elastic runtime/1.7.11
- version/pivotal cloud foundry elastic runtime/1.7.12
- version/pivotal cloud foundry elastic runtime/1.7.13
- version/pivotal cloud foundry elastic runtime/1.7.14
- version/pivotal cloud foundry elastic runtime/1.7.15
- version/pivotal cloud foundry elastic runtime/1.7.16
- version/pivotal cloud foundry elastic runtime/1.7.17
- version/pivotal cloud foundry elastic runtime/1.7.18
- version/pivotal cloud foundry elastic runtime/1.7.19
- version/pivotal cloud foundry elastic runtime/1.7.20
- version/pivotal cloud foundry elastic runtime/1.8.0
- canonical/pivotal cloud foundry ops manager
- version/pivotal cloud foundry ops manager/1.7.0
- version/pivotal cloud foundry ops manager/1.7.1
- version/pivotal cloud foundry ops manager/1.7.2
- version/pivotal cloud foundry ops manager/1.7.3
- version/pivotal cloud foundry ops manager/1.7.4
- version/pivotal cloud foundry ops manager/1.7.5
- version/pivotal cloud foundry ops manager/1.7.6
- version/pivotal cloud foundry ops manager/1.7.7
- version/pivotal cloud foundry ops manager/1.7.8
- version/pivotal cloud foundry ops manager/1.7.9
- version/pivotal cloud foundry ops manager/1.7.10
- version/pivotal cloud foundry ops manager/1.7.11
- version/pivotal cloud foundry ops manager/1.7.12
- version/pivotal cloud foundry ops manager/1.8.0
- canonical/cloud foundry user account and authentication (uaa)
- version/cloud foundry user account and authentication (uaa)/2.3.0
- version/cloud foundry user account and authentication (uaa)/2.3.1
- version/cloud foundry user account and authentication (uaa)/2.4.0
- version/cloud foundry user account and authentication (uaa)/2.5.1
- version/cloud foundry user account and authentication (uaa)/2.6.1
- version/cloud foundry user account and authentication (uaa)/2.7.0.2
- version/cloud foundry user account and authentication (uaa)/2.7.0.3
- version/cloud foundry user account and authentication (uaa)/2.7.1
- version/cloud foundry user account and authentication (uaa)/2.7.2
- version/cloud foundry user account and authentication (uaa)/2.7.3
- version/cloud foundry user account and authentication (uaa)/2.7.4.6
- version/cloud foundry user account and authentication (uaa)/3.0.0
- version/cloud foundry user account and authentication (uaa)/3.0.1
- version/cloud foundry user account and authentication (uaa)/3.1.0
- version/cloud foundry user account and authentication (uaa)/3.2.0
- version/cloud foundry user account and authentication (uaa)/3.2.1
- version/cloud foundry user account and authentication (uaa)/3.3.0
- version/cloud foundry user account and authentication (uaa)/3.3.0.1
- version/cloud foundry user account and authentication (uaa)/3.4.0
- version/cloud foundry user account and authentication (uaa)/3.4.1
- version/cloud foundry user account and authentication (uaa)/3.4.2