CVE-2016-9885

Опубликовано: 06 янв. 2017

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

An issue was discovered in Pivotal GemFire for PCF 1.6.x versions prior to 1.6.5 and 1.7.x versions prior to 1.7.1. The gfsh (Geode Shell) endpoint, used by operators and application developers to connect to their cluster, is unauthenticated and publicly accessible. Because HTTPS communications are terminated at the gorouter, communications from the gorouter to GemFire clusters are unencrypted. An attacker could run any command available on gfsh and could cause denial of service, lost confidentiality of data, escalate privileges, or eavesdrop on other communications between the gorouter and the cluster.

Ссылки

http://www.securityfocus.com/bid/95270
https://pivotal.io/security/cve-2016-9885
Vendor Advisory
http://www.securityfocus.com/bid/95270
https://pivotal.io/security/cve-2016-9885
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:pivotal_software:gemfire_for_pivotal_cloud_foundry:1.6.0.0:*:*:*:*:*:*:*

cpe:2.3:a:pivotal_software:gemfire_for_pivotal_cloud_foundry:1.6.1:*:*:*:*:*:*:*

cpe:2.3:a:pivotal_software:gemfire_for_pivotal_cloud_foundry:1.6.2:*:*:*:*:*:*:*

cpe:2.3:a:pivotal_software:gemfire_for_pivotal_cloud_foundry:1.6.3.0:*:*:*:*:*:*:*

cpe:2.3:a:pivotal_software:gemfire_for_pivotal_cloud_foundry:1.6.4.0:*:*:*:*:*:*:*

cpe:2.3:a:pivotal_software:gemfire_for_pivotal_cloud_foundry:1.7.0.0:*:*:*:*:*:*:*

EPSS

Процентиль: 67%

0.00541

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-xj9h-242g-rjqv