Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2016-6639

Опубликовано: 18 сент. 2016
Источник: nvd
CVSS3: 7.5
CVSS2: 5
EPSS Низкий

Описание

Cloud Foundry PHP Buildpack (aka php-buildpack) before 4.3.18 and PHP Buildpack Cf-release before 242, as used in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.38 and 1.7.x before 1.7.19 and other products, place the .profile file in the htdocs directory, which might allow remote attackers to obtain sensitive information via an HTTP GET request for this file.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:cloudfoundry:php-buildpack:*:*:*:*:*:*:*:*
Версия до 4.3.17 (включая)
Конфигурация 2

Одно из

cpe:2.3:a:pivotal:cloud_foundry_elastic_runtime:*:*:*:*:*:*:*:*
Версия до 1.6.37 (включая)
cpe:2.3:a:pivotal:cloud_foundry_elastic_runtime:1.7.0:*:*:*:*:*:*:*
cpe:2.3:a:pivotal:cloud_foundry_elastic_runtime:1.7.1:*:*:*:*:*:*:*
cpe:2.3:a:pivotal:cloud_foundry_elastic_runtime:1.7.2:*:*:*:*:*:*:*
cpe:2.3:a:pivotal:cloud_foundry_elastic_runtime:1.7.3:*:*:*:*:*:*:*
cpe:2.3:a:pivotal:cloud_foundry_elastic_runtime:1.7.4:*:*:*:*:*:*:*
cpe:2.3:a:pivotal:cloud_foundry_elastic_runtime:1.7.5:*:*:*:*:*:*:*
cpe:2.3:a:pivotal:cloud_foundry_elastic_runtime:1.7.6:*:*:*:*:*:*:*
cpe:2.3:a:pivotal:cloud_foundry_elastic_runtime:1.7.7:*:*:*:*:*:*:*
cpe:2.3:a:pivotal:cloud_foundry_elastic_runtime:1.7.8:*:*:*:*:*:*:*
cpe:2.3:a:pivotal:cloud_foundry_elastic_runtime:1.7.9:*:*:*:*:*:*:*
cpe:2.3:a:pivotal:cloud_foundry_elastic_runtime:1.7.10:*:*:*:*:*:*:*
cpe:2.3:a:pivotal:cloud_foundry_elastic_runtime:1.7.11:*:*:*:*:*:*:*
cpe:2.3:a:pivotal:cloud_foundry_elastic_runtime:1.7.12:*:*:*:*:*:*:*
cpe:2.3:a:pivotal:cloud_foundry_elastic_runtime:1.7.13:*:*:*:*:*:*:*
cpe:2.3:a:pivotal:cloud_foundry_elastic_runtime:1.7.14:*:*:*:*:*:*:*
cpe:2.3:a:pivotal:cloud_foundry_elastic_runtime:1.7.15:*:*:*:*:*:*:*
cpe:2.3:a:pivotal:cloud_foundry_elastic_runtime:1.7.16:*:*:*:*:*:*:*
cpe:2.3:a:pivotal:cloud_foundry_elastic_runtime:1.7.17:*:*:*:*:*:*:*
cpe:2.3:a:pivotal:cloud_foundry_elastic_runtime:1.7.18:*:*:*:*:*:*:*

EPSS

Процентиль: 59%
0.00379
Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-254

Связанные уязвимости

github логотип

GHSA-mq7w-4q42-qr7m

CVSS3: 7.5
github
больше 3 лет назад

Cloud Foundry PHP Buildpack (aka php-buildpack) before 4.3.18 and PHP Buildpack Cf-release before 242, as used in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.38 and 1.7.x before 1.7.19 and other products, place the .profile file in the htdocs directory, which might allow remote attackers to obtain sensitive information via an HTTP GET request for this file.

EPSS

Процентиль: 59%
0.00379
Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-254