Vulnerability identifier: #VU23391
Vulnerability risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-532
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
Cloud Foundry UAA
Server applications /
Web servers
CF Deployment
Server applications /
Frameworks for developing and running applications
Vendor: Cloud Foundry Foundation
Description
The vulnerability allows a remote user to access sensitive information on a targeted system.
The vulnerability exists due to the affected software logs all query parameters to tomcat’s access file. If the query parameters are used to provide authentication, ie. credentials, then they will be logged as well. A remote user can gain access to user credentials.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Cloud Foundry UAA: 1.0.0 - 74.7.0
CF Deployment: 0.0.1 - 12.9.0
External links
http://www.cloudfoundry.org/blog/cve-2019-11290
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.