Vulnerability identifier: #VU23391

Vulnerability risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-11290

CWE-ID: CWE-532

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Cloud Foundry UAA
Server applications / Web servers
CF Deployment
Server applications / Frameworks for developing and running applications

Vendor: Cloud Foundry Foundation

Description

The vulnerability allows a remote user to access sensitive information on a targeted system.

The vulnerability exists due to the affected software logs all query parameters to tomcat’s access file. If the query parameters are used to provide authentication, ie. credentials, then they will be logged as well. A remote user can gain access to user credentials.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Cloud Foundry UAA: 1.0.0 - 74.7.0

CF Deployment: 0.0.1 - 12.9.0

---

External links
http://www.cloudfoundry.org/blog/cve-2019-11290

---

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.