CVE-2017-4960

Опубликовано: 10 мар. 2017

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

An issue was discovered in Cloud Foundry release v247 through v252, UAA stand-alone release v3.9.0 through v3.11.0, and UAA Bosh Release v21 through v26. There is a potential to subject the UAA OAuth clients to a denial of service attack.

Ссылки

http://www.securityfocus.com/bid/96780
Third Party Advisory
VDB Entry
https://www.cloudfoundry.org/cve-2017-4960/
Vendor Advisory
http://www.securityfocus.com/bid/96780
Third Party Advisory
VDB Entry
https://www.cloudfoundry.org/cve-2017-4960/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:21:*:*:*:*:*:*:*

cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:22:*:*:*:*:*:*:*

cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:23:*:*:*:*:*:*:*

cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24:*:*:*:*:*:*:*

cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.1:*:*:*:*:*:*:*

cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.2:*:*:*:*:*:*:*

cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.3:*:*:*:*:*:*:*

cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.4:*:*:*:*:*:*:*

cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.5:*:*:*:*:*:*:*

cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.6:*:*:*:*:*:*:*

cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:25:*:*:*:*:*:*:*

cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:26:*:*:*:*:*:*:*

cpe:2.3:a:pivotal_software:cloud_foundry:247.0:*:*:*:*:*:*:*

cpe:2.3:a:pivotal_software:cloud_foundry:248.0:*:*:*:*:*:*:*

cpe:2.3:a:pivotal_software:cloud_foundry:249.0:*:*:*:*:*:*:*

cpe:2.3:a:pivotal_software:cloud_foundry:250.0:*:*:*:*:*:*:*

cpe:2.3:a:pivotal_software:cloud_foundry:251.0:*:*:*:*:*:*:*

cpe:2.3:a:pivotal_software:cloud_foundry:252.0:*:*:*:*:*:*:*

cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.0:*:*:*:*:*:*:*

cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.1:*:*:*:*:*:*:*

cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.2:*:*:*:*:*:*:*

cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.3:*:*:*:*:*:*:*

cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.4:*:*:*:*:*:*:*

cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.5:*:*:*:*:*:*:*

cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.6:*:*:*:*:*:*:*

cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.7:*:*:*:*:*:*:*

cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.8:*:*:*:*:*:*:*

cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.10.0:*:*:*:*:*:*:*

cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.11.0:*:*:*:*:*:*:*

EPSS

Процентиль: 63%

0.00451

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-hxgw-7539-pv7r