CVE-2016-6639

Source
https://nvd.nist.gov/vuln/detail/CVE-2016-6639
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-6639.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2016-6639
Published
2016-09-18T02:59:12Z
Modified
2025-01-15T01:14:27.531415Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

Cloud Foundry PHP Buildpack (aka php-buildpack) before 4.3.18 and PHP Buildpack Cf-release before 242, as used in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.38 and 1.7.x before 1.7.19 and other products, place the .profile file in the htdocs directory, which might allow remote attackers to obtain sensitive information via an HTTP GET request for this file.

References

Affected packages

Git / github.com/cloudfoundry/php-buildpack

Affected ranges

Type
GIT
Repo
https://github.com/cloudfoundry/php-buildpack
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

v2.*

v2.0.0

v3.*

v3.0.0
v3.0.3-emergency-release-capable
v3.0.4
v3.1.0
v3.1.1
v3.2.0
v3.2.1
v3.2.2
v3.3.0
v3.3.1

v4.*

v4.0.0
v4.1.0
v4.1.1
v4.1.2
v4.1.3
v4.1.4
v4.1.5
v4.2.0
v4.2.1
v4.3.0
v4.3.1
v4.3.10
v4.3.11
v4.3.12
v4.3.13
v4.3.14
v4.3.15
v4.3.16
v4.3.17
v4.3.2
v4.3.3
v4.3.4
v4.3.5
v4.3.6
v4.3.7
v4.3.8
v4.3.9