Cloud Foundry PHP Buildpack (aka php-buildpack) before 4.3.18 and PHP Buildpack Cf-release before 242, as used in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.38 and 1.7.x before 1.7.19 and other products, place the .profile file in the htdocs directory, which might allow remote attackers to obtain sensitive information via an HTTP GET request for this file.
{
"unresolved_ranges": [
{
"source": "CPE_RANGE",
"cpes": [
"cpe:2.3:a:pivotal:cloud_foundry_elastic_runtime:*:*:*:*:*:*:*:*"
],
"vendor_product": "pivotal:cloud_foundry_elastic_runtime",
"extracted_events": [
{
"last_affected": "1.6.37"
}
]
},
{
"source": "CPE_STRING",
"cpes": [
"cpe:2.3:a:pivotal:cloud_foundry_elastic_runtime:1.7.0:*:*:*:*:*:*:*",
"cpe:2.3:a:pivotal:cloud_foundry_elastic_runtime:1.7.10:*:*:*:*:*:*:*",
"cpe:2.3:a:pivotal:cloud_foundry_elastic_runtime:1.7.11:*:*:*:*:*:*:*",
"cpe:2.3:a:pivotal:cloud_foundry_elastic_runtime:1.7.12:*:*:*:*:*:*:*",
"cpe:2.3:a:pivotal:cloud_foundry_elastic_runtime:1.7.13:*:*:*:*:*:*:*",
"cpe:2.3:a:pivotal:cloud_foundry_elastic_runtime:1.7.14:*:*:*:*:*:*:*",
"cpe:2.3:a:pivotal:cloud_foundry_elastic_runtime:1.7.15:*:*:*:*:*:*:*",
"cpe:2.3:a:pivotal:cloud_foundry_elastic_runtime:1.7.16:*:*:*:*:*:*:*",
"cpe:2.3:a:pivotal:cloud_foundry_elastic_runtime:1.7.17:*:*:*:*:*:*:*",
"cpe:2.3:a:pivotal:cloud_foundry_elastic_runtime:1.7.18:*:*:*:*:*:*:*",
"cpe:2.3:a:pivotal:cloud_foundry_elastic_runtime:1.7.1:*:*:*:*:*:*:*",
"cpe:2.3:a:pivotal:cloud_foundry_elastic_runtime:1.7.2:*:*:*:*:*:*:*",
"cpe:2.3:a:pivotal:cloud_foundry_elastic_runtime:1.7.3:*:*:*:*:*:*:*",
"cpe:2.3:a:pivotal:cloud_foundry_elastic_runtime:1.7.4:*:*:*:*:*:*:*",
"cpe:2.3:a:pivotal:cloud_foundry_elastic_runtime:1.7.5:*:*:*:*:*:*:*",
"cpe:2.3:a:pivotal:cloud_foundry_elastic_runtime:1.7.6:*:*:*:*:*:*:*",
"cpe:2.3:a:pivotal:cloud_foundry_elastic_runtime:1.7.7:*:*:*:*:*:*:*",
"cpe:2.3:a:pivotal:cloud_foundry_elastic_runtime:1.7.8:*:*:*:*:*:*:*",
"cpe:2.3:a:pivotal:cloud_foundry_elastic_runtime:1.7.9:*:*:*:*:*:*:*"
],
"vendor_product": "pivotal:cloud_foundry_elastic_runtime",
"extracted_events": [
{
"introduced": "1.7.0"
},
{
"last_affected": "1.7.0"
},
{
"introduced": "1.7.1"
},
{
"last_affected": "1.7.1"
},
{
"introduced": "1.7.2"
},
{
"last_affected": "1.7.2"
},
{
"introduced": "1.7.3"
},
{
"last_affected": "1.7.3"
},
{
"introduced": "1.7.4"
},
{
"last_affected": "1.7.4"
},
{
"introduced": "1.7.5"
},
{
"last_affected": "1.7.5"
},
{
"introduced": "1.7.6"
},
{
"last_affected": "1.7.6"
},
{
"introduced": "1.7.7"
},
{
"last_affected": "1.7.7"
},
{
"introduced": "1.7.8"
},
{
"last_affected": "1.7.8"
},
{
"introduced": "1.7.9"
},
{
"last_affected": "1.7.9"
},
{
"introduced": "1.7.10"
},
{
"last_affected": "1.7.10"
},
{
"introduced": "1.7.11"
},
{
"last_affected": "1.7.11"
},
{
"introduced": "1.7.12"
},
{
"last_affected": "1.7.12"
},
{
"introduced": "1.7.13"
},
{
"last_affected": "1.7.13"
},
{
"introduced": "1.7.14"
},
{
"last_affected": "1.7.14"
},
{
"introduced": "1.7.15"
},
{
"last_affected": "1.7.15"
},
{
"introduced": "1.7.16"
},
{
"last_affected": "1.7.16"
},
{
"introduced": "1.7.17"
},
{
"last_affected": "1.7.17"
},
{
"introduced": "1.7.18"
},
{
"last_affected": "1.7.18"
}
]
}
]
}{
"source": [
"CPE_RANGE",
"REFERENCES"
],
"extracted_events": [
{
"introduced": "0"
},
{
"last_affected": "4.3.17"
}
],
"cpe": "cpe:2.3:a:cloudfoundry:php-buildpack:*:*:*:*:*:*:*:*"
}