What is the severity of CVE-2016-9885?

The severity of CVE-2016-9885 is rated as high due to its unauthenticated access to the GFSH endpoint.

How do I fix CVE-2016-9885?

To fix CVE-2016-9885, upgrade to Pivotal GemFire for PCF version 1.6.5 or 1.7.1 or later.

What versions of Pivotal GemFire are affected by CVE-2016-9885?

CVE-2016-9885 affects Pivotal GemFire versions 1.6.0.0 through 1.6.4.0 and 1.7.0.0.

What impact does CVE-2016-9885 have on security?

CVE-2016-9885 allows unauthorized access to the GFSH endpoint, potentially exposing the cluster to malicious activities.

Is there a workaround for CVE-2016-9885?

There are no official workarounds for CVE-2016-9885; upgrading to a patched version is recommended.

Vulnerability/
CVE-2016-9885

critical

9.8

CWE

200 254

6/1/2017

6/8/2024

CVE-2016-9885: Infoleak

First published: Fri Jan 06 2017(Updated: )

An issue was discovered in Pivotal GemFire for PCF 1.6.x versions prior to 1.6.5 and 1.7.x versions prior to 1.7.1. The gfsh (Geode Shell) endpoint, used by operators and application developers to connect to their cluster, is unauthenticated and publicly accessible. Because HTTPS communications are terminated at the gorouter, communications from the gorouter to GemFire clusters are unencrypted. An attacker could run any command available on gfsh and could cause denial of service, lost confidentiality of data, escalate privileges, or eavesdrop on other communications between the gorouter and the cluster.

Credit: security_alert@emc.com

Affected Software	Affected Version	How to fix
Pivotal Software Gemfire For Pivotal Cloud Foundry	=1.6.0.0
Pivotal Software Gemfire For Pivotal Cloud Foundry	=1.6.1
Pivotal Software Gemfire For Pivotal Cloud Foundry	=1.6.2
Pivotal Software Gemfire For Pivotal Cloud Foundry	=1.6.3.0
Pivotal Software Gemfire For Pivotal Cloud Foundry	=1.6.4.0
Pivotal Software Gemfire For Pivotal Cloud Foundry	=1.7.0.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2016-9885?
The severity of CVE-2016-9885 is rated as high due to its unauthenticated access to the GFSH endpoint.
How do I fix CVE-2016-9885?
To fix CVE-2016-9885, upgrade to Pivotal GemFire for PCF version 1.6.5 or 1.7.1 or later.
What versions of Pivotal GemFire are affected by CVE-2016-9885?
CVE-2016-9885 affects Pivotal GemFire versions 1.6.0.0 through 1.6.4.0 and 1.7.0.0.
What impact does CVE-2016-9885 have on security?
CVE-2016-9885 allows unauthorized access to the GFSH endpoint, potentially exposing the cluster to malicious activities.
Is there a workaround for CVE-2016-9885?
There are no official workarounds for CVE-2016-9885; upgrading to a patched version is recommended.

collector/nvd-index
agent/references
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/author
agent/last-modified-date
agent/severity
agent/weakness
agent/tags
agent/event
agent/description
agent/first-publish-date
agent/source
vendor/pivotal software
canonical/pivotal software gemfire for pivotal cloud foundry
version/pivotal software gemfire for pivotal cloud foundry/1.6.0.0
version/pivotal software gemfire for pivotal cloud foundry/1.6.1
version/pivotal software gemfire for pivotal cloud foundry/1.6.2
version/pivotal software gemfire for pivotal cloud foundry/1.6.3.0
version/pivotal software gemfire for pivotal cloud foundry/1.6.4.0
version/pivotal software gemfire for pivotal cloud foundry/1.7.0.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.