What is the severity of CVE-2017-4970?

CVE-2017-4970 has a medium severity rating due to its potential impact on authentication configuration.

How do I fix CVE-2017-4970?

To fix CVE-2017-4970, you should upgrade to a version of the Cloud Foundry Staticfile buildpack that is not affected, above v1.4.3.

What is the main issue described in CVE-2017-4970?

The main issue in CVE-2017-4970 is that the Staticfile.auth configuration is ignored when the Staticfile is not present in the application root.

Is CVE-2017-4970 a remotely exploitable vulnerability?

CVE-2017-4970 is not classified as a remotely exploitable vulnerability, but it can impact the security configuration of applications.

Vulnerability/
CVE-2017-4970

medium

5.9

13/6/2017

5/8/2024

CVE-2017-4970

First published: Tue Jun 13 2017(Updated: )

An issue was discovered in Cloud Foundry Foundation cf-release v255 and Staticfile buildpack versions v1.4.0 - v1.4.3. A regression introduced in the Static file build pack causes the Staticfile.auth configuration to be ignored when the Static file file is not present in the application root. Applications containing a Staticfile.auth file but not a Static file had their basic auth turned off when an operator upgraded the Static file build pack in the foundation to one of the vulnerable versions. Note that Static file applications without a Static file are technically misconfigured, and will not successfully detect unless the Static file build pack is explicitly specified.

Credit: security_alert@emc.com

Affected Software	Affected Version	How to fix
Cloud Foundry CF Release	=255
Cloud Foundry Staticfile Buildpack	=1.4.0
Cloud Foundry Staticfile Buildpack	=1.4.1
Cloud Foundry Staticfile Buildpack	=1.4.2
Cloud Foundry Staticfile Buildpack	=1.4.3

Never miss a vulnerability like this again

Reference Links

https://www.cloudfoundry.org/cve-2017-4970/

Frequently Asked Questions

What is the severity of CVE-2017-4970?
CVE-2017-4970 has a medium severity rating due to its potential impact on authentication configuration.
How do I fix CVE-2017-4970?
To fix CVE-2017-4970, you should upgrade to a version of the Cloud Foundry Staticfile buildpack that is not affected, above v1.4.3.
What software does CVE-2017-4970 affect?
CVE-2017-4970 affects Cloud Foundry Foundation cf-release v255 and Staticfile buildpack versions v1.4.0 to v1.4.3.
What is the main issue described in CVE-2017-4970?
The main issue in CVE-2017-4970 is that the Staticfile.auth configuration is ignored when the Staticfile is not present in the application root.
Is CVE-2017-4970 a remotely exploitable vulnerability?
CVE-2017-4970 is not classified as a remotely exploitable vulnerability, but it can impact the security configuration of applications.

agent/type
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/references
agent/severity
agent/author
agent/description
agent/event
agent/first-publish-date
agent/source
agent/tags
agent/softwarecombine
collector/nvd-index
agent/software-canonical-lookup-request
vendor/cloudfoundry
canonical/cloud foundry cf release
version/cloud foundry cf release/255
canonical/cloud foundry staticfile buildpack
version/cloud foundry staticfile buildpack/1.4.0
version/cloud foundry staticfile buildpack/1.4.1
version/cloud foundry staticfile buildpack/1.4.2
version/cloud foundry staticfile buildpack/1.4.3

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.