CVE-2016-0708

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2016-0708
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-0708.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2016-0708
Published
2018-07-11T20:29:00.227Z
Modified
2026-04-10T03:45:56.555290Z
Severity
  • 5.9 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

Applications deployed to Cloud Foundry, versions v166 through v227, may be vulnerable to a remote disclosure of information, including, but not limited to environment variables and bound service details. For applications to be vulnerable, they must have been staged using automatic buildpack detection, passed through the Java Buildpack detection script, and allow the serving of static content from within the deployed artifact. The default Apache Tomcat configuration in the affected java buildpack versions for some basic web application archive (WAR) packaged applications are vulnerable to this issue.

References

Affected packages

Git / github.com/cloudfoundry/cf-release

Affected ranges

Type
GIT
Repo
https://github.com/cloudfoundry/cf-release
Events
Introduced
24ffd14d661658a5bd069bbeb25ed6d0d29bcac1
Last affected
baa394224fc5780f641d86d97e833575ada2094b
Database specific 
{
    "versions": [
        {
            "introduced": "166"
        },
        {
            "last_affected": "227"
        }
    ]
}
Type
GIT
Repo
https://github.com/cloudfoundry/java-buildpack
Events
Introduced
b3f72903a6ff2728f1c4ab792ceb5fb093debf8d
Last affected
9ab05a6d0aacad2700691f543f5cd660c9f75363
Database specific 
{
    "versions": [
        {
            "introduced": "2.0"
        },
        {
            "last_affected": "3.4"
        }
    ]
}

Affected versions

v2.*
v2.0
v2.1
v2.1.1
v2.1.2
v3.*
v3.4

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-0708.json"