CVE-2017-4994
HIGHCloud Foundry Foundation cf-release <v263 - Info Disclosure
Title source: llmDescription
An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v263; UAA release 2.x versions prior to v2.7.4.18, 3.6.x versions prior to v3.6.12, 3.9.x versions prior to v3.9.14, and other versions prior to v4.3.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.16, 24.x versions prior to v24.11, 30.x versions prior to 30.4, and other versions prior to v40. There was an issue with forwarded http headers in UAA that could result in account corruption.
References (1)
Core 1
Core References
Mitigation, Vendor Advisory x_refsource_confirm
https://www.cloudfoundry.org/cve-2017-4994/
Scores
CVSS v3
7.5
EPSS
0.0111
EPSS Percentile
61.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-20
Status
published
Products (50)
cloudfoundry/cloud_foundry_uaa_bosh
13.1
cloudfoundry/cloud_foundry_uaa_bosh
13.2
cloudfoundry/cloud_foundry_uaa_bosh
13.3
cloudfoundry/cloud_foundry_uaa_bosh
13.4
cloudfoundry/cloud_foundry_uaa_bosh
13.5
cloudfoundry/cloud_foundry_uaa_bosh
13.6
cloudfoundry/cloud_foundry_uaa_bosh
13.7
cloudfoundry/cloud_foundry_uaa_bosh
13.8
cloudfoundry/cloud_foundry_uaa_bosh
13.9
cloudfoundry/cloud_foundry_uaa_bosh
13.10
... and 40 more
Published
Jun 13, 2017
Tracked Since
Feb 18, 2026