CVE-2016-6655
CRITICALCloud Foundry Foundation <v245 - Command Injection
Title source: llmDescription
An issue was discovered in Cloud Foundry Foundation Cloud Foundry release versions prior to v245 and cf-mysql-release versions prior to v31. A command injection vulnerability was discovered in a common script used by many Cloud Foundry components. A malicious user may exploit numerous vectors to execute arbitrary commands on servers running Cloud Foundry.
References (2)
Core 2
Core References
Patch, Vendor Advisory x_refsource_confirm
https://www.cloudfoundry.org/cve-2016-6655/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/93889
Scores
CVSS v3
9.8
EPSS
0.0337
EPSS Percentile
87.2%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-77
Status
published
Products (3)
cloudfoundry/cf-mysql-release
< 30
cloudfoundry/cf-release
< 244
n/a/Cloud Foundry
Cloud Foundry
Published
Jun 13, 2017
Tracked Since
Feb 18, 2026