CVE-2016-5016
MEDIUM
Pivotal Cloud Foundry < 239 and UAA < 3.4.1 - Improper Certificate Validation
Title source: llm
Description
Pivotal Cloud Foundry 239 and earlier, UAA (aka User Account and Authentication Server) 3.4.1 and earlier, UAA release 12.2 and earlier, PCF (aka Pivotal Cloud Foundry) Elastic Runtime 1.6.x before 1.6.35, and PCF Elastic Runtime 1.7.x before 1.7.13 do not validate whether a certificate is expired.
References (7)
Core References
Release Notes, Third Party Advisory x_refsource_confirm
https://github.com/cloudfoundry/uaa/releases/tag/2.7.4.6
Release Notes, Third Party Advisory x_refsource_confirm
https://github.com/cloudfoundry/uaa/releases/tag/3.3.0.3
Release Notes, Third Party Advisory x_refsource_confirm
https://github.com/cloudfoundry/uaa-release/releases/tag/v12.3
Release Notes, Third Party Advisory x_refsource_confirm
https://github.com/cloudfoundry/uaa/releases/tag/3.4.2
Release Notes, Third Party Advisory x_refsource_confirm
https://github.com/cloudfoundry/cf-release/releases/tag/v240
Vendor Advisory x_refsource_confirm
https://pivotal.io/security/cve-2016-5016
Release Notes, Third Party Advisory x_refsource_confirm
https://github.com/cloudfoundry/uaa-release/releases/tag/v11.3
Scores
CVSS v3
5.9
EPSS
0.0103
EPSS Percentile
59.3%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-295
Status
published
Products (5)
org.cloudfoundry.identity/cloudfoundry-identity-server
3.0.0 - 3.3.0.3 (Maven)
pivotal_software/cloud_foundry
< 239
pivotal_software/cloud_foundry_elastic_runtime
1.6.0 - 1.6.35
pivotal_software/cloud_foundry_uaa
< 3.4.1
pivotal_software/cloud_foundry_uaa-release
< 12.2
Published
Apr 24, 2017
Tracked Since
Feb 18, 2026