Access bypass in Cloud Foundry Foundation products - CVE-2016-6636
Published: September 30, 2016 / Updated: October 3, 2016
Vulnerability identifier: #VU713
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-6636
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Cloud Foundry Foundation
Affected software:
Pivotal Cloud Foundry Elastic Runtime
Pivotal Cloud Foundry Ops Manager
Cloud Foundry UAA
Bosh Release for the UAA
Detailed vulnerability description
The vulnerability allows a remote user to obtain implicit access tokens on the target system.
The weakness is caused by incorrect validation of redirect_uri during the OAuth authorization flow. By using a different subdomain in the request, attackers can obtain implicit access tokens.
Successful exploitation of the vulnerability allows a malicious user to access implicit tokens on the vulnerable system.
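The following is an added illustration of the bug class described above, not code from Cloud Foundry UAA or from this advisory. In the OAuth 2.0 implicit grant the access token is delivered in the fragment of the redirect_uri, so whichever host the authorization server is willing to redirect to receives the token. The weak check below models suffix-style host matching, which accepts any subdomain of the registered client's domain; the strict check requires an exact match of scheme, host, port, path and query against the registered URI and rejects any fragment. The registered URI and the host names are constructed sample values.

```python
from urllib.parse import urlparse

# Constructed sample: the single redirect URI registered for a hypothetical OAuth client.
REGISTERED_REDIRECT_URIS = ("https://app.example.com/callback",)


def _parent_domain(hostname):
    """Return 'example.com' for 'app.example.com' (helper for the weak check only)."""
    parts = hostname.split(".")
    return ".".join(parts[1:]) if len(parts) > 2 else hostname


def weak_redirect_uri_allowed(redirect_uri, registered=REGISTERED_REDIRECT_URIS):
    """Illustrative weak validation (a model of the bug class, not UAA's actual code):
    any host under the registered client's parent domain is accepted, so a request
    using a different subdomain passes and the implicit token is redirected there."""
    req = urlparse(redirect_uri)
    if not req.hostname:
        return False
    for entry in registered:
        reg = urlparse(entry)
        parent = _parent_domain(reg.hostname)
        same_scheme = req.scheme == reg.scheme
        under_parent = req.hostname == parent or req.hostname.endswith("." + parent)
        if same_scheme and under_parent:
            return True
    return False


def strict_redirect_uri_allowed(redirect_uri, registered=REGISTERED_REDIRECT_URIS):
    """Hardened validation: scheme, host, port, path and query must equal a registered
    URI exactly, and the request may carry no fragment (the implicit grant places
    the token in the fragment, so a client-supplied one is never legitimate)."""
    req = urlparse(redirect_uri)
    if not req.scheme or not req.hostname or req.fragment:
        return False
    for entry in registered:
        reg = urlparse(entry)
        requested = (req.scheme, req.hostname, req.port, req.path, req.query)
        allowed = (reg.scheme, reg.hostname, reg.port, reg.path, reg.query)
        if requested == allowed:
            return True
    return False


if __name__ == "__main__":
    # The second URI uses a different subdomain: the weak check lets it through,
    # the strict check does not.
    for uri in ("https://app.example.com/callback", "https://evil.example.com/callback"):
        print(uri, "weak:", weak_redirect_uri_allowed(uri),
              "strict:", strict_redirect_uri_allowed(uri))
```

For detection, an authorization server log in which redirect_uri hosts differ from the registered value for the same client_id is the signal to look for; the strict comparison above makes such requests fail before any token is issued.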
How to mitigate CVE-2016-6636
Update Pivotal Cloud Foundry UAA 2.x to 2.7.4.7, 3.x to 3.3.0.5, and 3.4.x to 3.4.4;
Update Pivotal Cloud Foundry UAA BOSH 11.5 and 12.x to 12.5;
Update Pivotal Cloud Foundry Elastic Runtime 1.6.40, 1.7.x to 1.7.21, and 1.8.x to 1.8.1;
Update Pivotal Cloud Foundry Ops Manager 1.7.x to 1.7.13 and 1.8.x to 1.8.1.