CVE-2017-4960
First published: Fri Mar 10 2017(Updated: )
An issue was discovered in Cloud Foundry release v247 through v252, UAA stand-alone release v3.9.0 through v3.11.0, and UAA Bosh Release v21 through v26. There is a potential to subject the UAA OAuth clients to a denial of service attack.
Credit: security_alert@emc.com security_alert@emc.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cloudfoundry Cloud Foundry Uaa Bosh | =21 | |
| Cloudfoundry Cloud Foundry Uaa Bosh | =22 | |
| Cloudfoundry Cloud Foundry Uaa Bosh | =23 | |
| Cloudfoundry Cloud Foundry Uaa Bosh | =24 | |
| Cloudfoundry Cloud Foundry Uaa Bosh | =24.1 | |
| Cloudfoundry Cloud Foundry Uaa Bosh | =24.2 | |
| Cloudfoundry Cloud Foundry Uaa Bosh | =24.3 | |
| Cloudfoundry Cloud Foundry Uaa Bosh | =24.4 | |
| Cloudfoundry Cloud Foundry Uaa Bosh | =24.5 | |
| Cloudfoundry Cloud Foundry Uaa Bosh | =24.6 | |
| Cloudfoundry Cloud Foundry Uaa Bosh | =25 | |
| Cloudfoundry Cloud Foundry Uaa Bosh | =26 | |
| Pivotal Software Cloud Foundry | =247.0 | |
| Pivotal Software Cloud Foundry | =248.0 | |
| Pivotal Software Cloud Foundry | =249.0 | |
| Pivotal Software Cloud Foundry | =250.0 | |
| Pivotal Software Cloud Foundry | =251.0 | |
| Pivotal Software Cloud Foundry | =252.0 | |
| Pivotal Software Cloud Foundry Uaa | =3.9.0 | |
| Pivotal Software Cloud Foundry Uaa | =3.9.1 | |
| Pivotal Software Cloud Foundry Uaa | =3.9.2 | |
| Pivotal Software Cloud Foundry Uaa | =3.9.3 | |
| Pivotal Software Cloud Foundry Uaa | =3.9.4 | |
| Pivotal Software Cloud Foundry Uaa | =3.9.5 | |
| Pivotal Software Cloud Foundry Uaa | =3.9.6 | |
| Pivotal Software Cloud Foundry Uaa | =3.9.7 | |
| Pivotal Software Cloud Foundry Uaa | =3.9.8 | |
| Pivotal Software Cloud Foundry Uaa | =3.10.0 | |
| Pivotal Software Cloud Foundry Uaa | =3.11.0 | |
| maven/org.cloudfoundry.identity:cloudfoundry-identity-server | <3.9.8 | 3.9.8 |
| maven/org.cloudfoundry.identity:cloudfoundry-identity-server | >=3.10.0<3.12.0 | 3.12.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/96780
- https://www.cloudfoundry.org/cve-2017-4960/
- https://nvd.nist.gov/vuln/detail/CVE-2017-4960
- https://github.com/cloudfoundry/uaa/commit/17a0b86afe1fbd4ed8819267906afa3f76a8dfdc
- https://github.com/cloudfoundry/uaa/commit/5eab756eaf4bb397302f00fbd0273f2470009d38
- https://github.com/cloudfoundry/uaa/commit/78731f8aa37a53385d0194821a5356ab66e2138
- https://web.archive.org/web/20200227185243/http://www.securityfocus.com/bid/96780
- https://www.cloudfoundry.org/cve-2017-4960
- https://github.com/advisories/GHSA-hxgw-7539-pv7r (Advisory)
- collector/nvd-index
- agent/type
- agent/first-publish-date
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-hxgw-7539-pv7r
- alias/CVE-2017-4960
- agent/software-canonical-lookup
- agent/severity
- agent/references
- agent/last-modified-date
- agent/softwarecombine
- agent/description
- agent/event
- collector/nvd-cve
- source/NVD
- agent/author
- collector/github-advisory
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/cloudfoundry
- canonical/cloudfoundry cloud foundry uaa bosh
- version/cloudfoundry cloud foundry uaa bosh/21
- version/cloudfoundry cloud foundry uaa bosh/22
- version/cloudfoundry cloud foundry uaa bosh/23
- version/cloudfoundry cloud foundry uaa bosh/24
- version/cloudfoundry cloud foundry uaa bosh/24.1
- version/cloudfoundry cloud foundry uaa bosh/24.2
- version/cloudfoundry cloud foundry uaa bosh/24.3
- version/cloudfoundry cloud foundry uaa bosh/24.4
- version/cloudfoundry cloud foundry uaa bosh/24.5
- version/cloudfoundry cloud foundry uaa bosh/24.6
- version/cloudfoundry cloud foundry uaa bosh/25
- version/cloudfoundry cloud foundry uaa bosh/26
- vendor/pivotal software
- canonical/pivotal software cloud foundry
- version/pivotal software cloud foundry/247.0
- version/pivotal software cloud foundry/248.0
- version/pivotal software cloud foundry/249.0
- version/pivotal software cloud foundry/250.0
- version/pivotal software cloud foundry/251.0
- version/pivotal software cloud foundry/252.0
- canonical/pivotal software cloud foundry uaa
- version/pivotal software cloud foundry uaa/3.9.0
- version/pivotal software cloud foundry uaa/3.9.1
- version/pivotal software cloud foundry uaa/3.9.2
- version/pivotal software cloud foundry uaa/3.9.3
- version/pivotal software cloud foundry uaa/3.9.4
- version/pivotal software cloud foundry uaa/3.9.5
- version/pivotal software cloud foundry uaa/3.9.6
- version/pivotal software cloud foundry uaa/3.9.7
- version/pivotal software cloud foundry uaa/3.9.8
- version/pivotal software cloud foundry uaa/3.10.0
- version/pivotal software cloud foundry uaa/3.11.0
- package-manager/maven