CVE-2017-8037

HIGH

Cloud Foundry CAPI-release v1.6.0-v1.38.0 and cf-release v244-v270 - Information Disclosure via Crafted CAPI Request

Title source: llm
STIX 2.1

Description

In Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.38.0 and cf-release versions after v244 and prior to v270, there is an incomplete fix for CVE-2017-8035. If you took steps to remediate CVE-2017-8035 you should also upgrade to fix this CVE. A carefully crafted CAPI request from a Space Developer can allow them to gain access to files on the Cloud Controller VM for that installation, aka an Information Leak / Disclosure.

References (2)

Core 2
Core References
Vendor Advisory x_refsource_confirm
https://www.cloudfoundry.org/cve-2017-8037/
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/100448

Scores

CVSS v3 7.5
EPSS 0.0141
EPSS Percentile 69.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-200
Status published
Products (50)
cloudfoundry/capi-release 1.7.0
cloudfoundry/capi-release 1.8.0
cloudfoundry/capi-release 1.9.0
cloudfoundry/capi-release 1.10.0
cloudfoundry/capi-release 1.11.0
cloudfoundry/capi-release 1.12.0
cloudfoundry/capi-release 1.13.0
cloudfoundry/capi-release 1.14.0
cloudfoundry/capi-release 1.15.0
cloudfoundry/capi-release 1.16.0
... and 40 more
Published Aug 21, 2017
Tracked Since Feb 18, 2026