CVE-2016-6636
- Source
- https://cve.org/CVERecord?id=CVE-2016-6636
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-6636.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2016-6636
- Published
- 2016-09-30T00:59:00.180Z
- Modified
- 2026-04-10T03:52:43.336926Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
The OAuth authorization implementation in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and 3.4.x before 3.4.4; UAA BOSH before 11.5 and 12.x before 12.5; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1.8.1; and Ops Manager 1.7.x before 1.7.13 and 1.8.x before 1.8.1 mishandles redirect_uri subdomains, which allows remote attackers to obtain implicit access tokens via a modified subdomain.
- References
Affected packages
Git / github.com/cloudfoundry/cf-release
Affected ranges
- Type
- GIT
- Repo
- https://github.com/cloudfoundry/cf-release
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "versions": [ { "introduced": "0" }, { "last_affected": "241" } ] }
- Type
- GIT
- Repo
- https://github.com/cloudfoundry/uaa
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "versions": [ { "introduced": "0" }, { "last_affected": "1.6.0" }, { "introduced": "0" }, { "last_affected": "1.6.1" }, { "introduced": "0" }, { "last_affected": "1.6.2" }, { "introduced": "0" }, { "last_affected": "1.6.3" }, { "introduced": "0" }, { "last_affected": "1.6.4" }, { "introduced": "0" }, { "last_affected": "1.6.5" }, { "introduced": "0" }, { "last_affected": "1.7.0" }, { "introduced": "0" }, { "last_affected": "1.7.1" }, { "introduced": "0" }, { "last_affected": "1.7.2" }, { "introduced": "0" }, { "last_affected": "1.8.0" }, { "introduced": "0" }, { "last_affected": "1.7.0" }, { "introduced": "0" }, { "last_affected": "1.7.1" }, { "introduced": "0" }, { "last_affected": "1.7.2" }, { "introduced": "0" }, { "last_affected": "1.8.0" }, { "introduced": "0" }, { "last_affected": "2.3.0" }, { "introduced": "0" }, { "last_affected": "2.3.1" }, { "introduced": "0" }, { "last_affected": "2.4.0" }, { "introduced": "0" }, { "last_affected": "2.5.1" }, { "introduced": "0" }, { "last_affected": "2.6.1" }, { "introduced": "0" }, { "last_affected": "2.7.0.2" }, { "introduced": "0" }, { "last_affected": "2.7.0.3" }, { "introduced": "0" }, { "last_affected": "2.7.1" }, { "introduced": "0" }, { "last_affected": "2.7.2" }, { "introduced": "0" }, { "last_affected": "2.7.3" }, { "introduced": "0" }, { "last_affected": "2.7.4.6" }, { "introduced": "0" }, { "last_affected": "3.0.0" }, { "introduced": "0" }, { "last_affected": "3.0.1" }, { "introduced": "0" }, { "last_affected": "3.1.0" }, { "introduced": "0" }, { "last_affected": "3.2.0" }, { "introduced": "0" }, { "last_affected": "3.2.1" }, { "introduced": "0" }, { "last_affected": "3.3.0" }, { "introduced": "0" }, { "last_affected": "3.3.0.1" }, { "introduced": "0" }, { "last_affected": "3.4.0" }, { "introduced": "0" }, { "last_affected": "3.4.1" }, { "introduced": "0" }, { "last_affected": "3.4.2" } ] }
Affected versions
Other
-
ci-upgrade
lenient_hybrid_flow
list
log
scotty_09012012
travis-success-1475
travis-success-1478
travis-success-1497
v10
v100
v102
v103
v104
v105
v109
v11
v119
v12
v132
v133
v134
v135
v136
v137
v140
v143
v156
v157
v161
v170
v183
v2
v205
v241
v3
v6
v7
v8
v9
v99
works-for-us
1.*
1.0.1
1.0.3
1.1
1.1.1
1.1.2
1.10
1.11
1.2.0
1.2.6
1.4.0
1.4.1
1.4.2
1.4.3
1.4.5
1.4.6
1.4.7
1.5.0
1.5.2
1.5.2.1
1.5.3
1.5.4
1.5.4.1
1.6.0
1.6.1
1.6.2
1.6.3
1.6.4
1.6.5
1.7.0
1.7.1
1.7.2
1.8.0
1.8.1
1.8.2
1.8.3
1.9.0
1.9.1
2.*
2.0.0
2.0.1
2.0.2
2.0.3
2.1.0
2.2.4.1
2.2.5
2.2.6
2.3.0
2.3.1
2.3.1.1
2.4.0
2.4.1
2.5.0
2.5.1
2.5.2
2.6.0
2.6.1
2.6.2
2.7.0
2.7.0.1
2.7.0.2
2.7.0.3
2.7.1
2.7.2
2.7.3
2.7.4
2.7.4.1
2.7.4.2
2.7.4.3
2.7.4.4
2.7.4.5
2.7.4.6
3.*
3.0.0
3.0.1
3.1.0
3.2.0
3.2.1
3.3.0
3.3.0.1
3.4.0
3.4.1
3.4.2
rc145.*
rc145.0
v12.*
v12.3
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-6636.json"
unresolved_ranges
[
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.6.6"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.6.7"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.6.8"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.6.9"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.6.10"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.6.11"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.6.12"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.6.13"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.6.14"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.6.15"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.6.17"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.6.18"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.6.19"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.6.20"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.6.21"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.6.22"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.6.23"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.6.25"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.6.26"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.6.27"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.6.28"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.6.29"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.6.30"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.6.31"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.6.32"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.6.33"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.6.34"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.6.35"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.6.36"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.6.37"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.6.38"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.6.39"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.7.3"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.7.4"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.7.5"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.7.6"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.7.7"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.7.8"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.7.9"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.7.10"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.7.11"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.7.12"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.7.13"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.7.14"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.7.15"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.7.16"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.7.17"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.7.18"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.7.19"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.7.20"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.7.3"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.7.4"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.7.5"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.7.6"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.7.7"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.7.8"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.7.9"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.7.10"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.7.11"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.7.12"
}
]
}
]