cvelistv5 - cve-2017-4994

cve-2017-4994

Vulnerability from cvelistv5

Published

2017-06-13 06:00

Modified

2024-08-05 14:47

Severity ?

Summary

An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v263; UAA release 2.x versions prior to v2.7.4.18, 3.6.x versions prior to v3.6.12, 3.9.x versions prior to v3.9.14, and other versions prior to v4.3.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.16, 24.x versions prior to v24.11, 30.x versions prior to 30.4, and other versions prior to v40. There was an issue with forwarded http headers in UAA that could result in account corruption.

References

▼	URL	Tags
	security_alert@emc.com	https://www.cloudfoundry.org/cve-2017-4994/	Mitigation, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.cloudfoundry.org/cve-2017-4994/	Mitigation, Vendor Advisory

Impacted products

	Vendor	Product	Version
	n/a	Cloud Foundry	Version: Cloud Foundry

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:47:43.952Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.cloudfoundry.org/cve-2017-4994/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cloud Foundry",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Cloud Foundry"
            }
          ]
        }
      ],
      "datePublic": "2017-06-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v263; UAA release 2.x versions prior to v2.7.4.18, 3.6.x versions prior to v3.6.12, 3.9.x versions prior to v3.9.14, and other versions prior to v4.3.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.16, 24.x versions prior to v24.11, 30.x versions prior to 30.4, and other versions prior to v40. There was an issue with forwarded http headers in UAA that could result in account corruption."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Forwarded Headers in UAA",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-06-13T05:57:01",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.cloudfoundry.org/cve-2017-4994/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security_alert@emc.com",
          "ID": "CVE-2017-4994",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cloud Foundry",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Cloud Foundry"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v263; UAA release 2.x versions prior to v2.7.4.18, 3.6.x versions prior to v3.6.12, 3.9.x versions prior to v3.9.14, and other versions prior to v4.3.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.16, 24.x versions prior to v24.11, 30.x versions prior to 30.4, and other versions prior to v40. There was an issue with forwarded http headers in UAA that could result in account corruption."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Forwarded Headers in UAA"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.cloudfoundry.org/cve-2017-4994/",
              "refsource": "CONFIRM",
              "url": "https://www.cloudfoundry.org/cve-2017-4994/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2017-4994",
    "datePublished": "2017-06-13T06:00:00",
    "dateReserved": "2016-12-29T00:00:00",
    "dateUpdated": "2024-08-05T14:47:43.952Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-4994\",\"sourceIdentifier\":\"security_alert@emc.com\",\"published\":\"2017-06-13T06:29:00.800\",\"lastModified\":\"2024-11-21T03:26:49.473\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v263; UAA release 2.x versions prior to v2.7.4.18, 3.6.x versions prior to v3.6.12, 3.9.x versions prior to v3.9.14, and other versions prior to v4.3.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.16, 24.x versions prior to v24.11, 30.x versions prior to 30.4, and other versions prior to v40. There was an issue with forwarded http headers in UAA that could result in account corruption.\"},{\"lang\":\"es\",\"value\":\"Se detect\u00f3 un problema en cf-release versiones anteriores a 263; UAA release versiones 2.x anteriores a 2.7.4.18, versiones 3.6.x anteriores a 3.6.12, versiones 3.9.x anteriores a 3.9.14, y otras versiones anteriores a 4.3.0; y UAA bosh release (uaa-release) versiones 13.x anteriores a 13.16, versiones 24.x anteriores a 24.11, versiones 30.x anteriores a 30.4 y otras versiones anteriores a 40 de Cloud Foundry Foundation. Se present\u00f3 un problema con los encabezados http reenviados en UAA que podr\u00eda resultar en corrupci\u00f3n de la cuenta.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:P/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"39\",\"matchCriteriaId\":\"641CFBD1-D8D0-4F7E-BAFD-59A51F3FD353\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C24E2CE5-6DBA-4B45-951D-0F7189C9A94D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F0EB01AB-A033-4DCC-B433-0674078E31DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"749B1CBF-6297-4F4D-970D-25D1D0A88AE3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6C369E22-27DF-40B3-B94F-45DFC47E6A60\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"15A2FE05-FC02-4FC1-B9B3-40E4EC62C5D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6A4975D0-2C4D-4883-A849-D434FB8A7E2E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E85B347-27E2-4EF9-9CF0-13902EC4741D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"93081AC1-C07E-4E6D-8B1E-8D561461FEB4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E4F6208B-7FA5-4177-8942-2037BEE99546\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FD8DA4C6-BCA9-4959-82FC-2596C6EBD6E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8120A442-6A3D-4918-A829-A84B2B9694E4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9D7AF658-FFBB-49AB-8A44-9989A7FEC707\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BC42F184-AFEC-4992-BFEF-B410CDF1452A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"147C8C7B-F6C6-4338-A181-BF450C53C14B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"555B74DE-E5D6-493B-96B4-87C636104B64\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A090F790-1A28-4238-8727-3F9475706A9E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AEFE0727-C152-4726-A70E-C75BACD31071\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"38D708B8-485D-445E-8A21-474A500F1184\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E4B8A221-8740-4D35-871D-EABDB2F8332D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A426C1DD-0C64-468A-B96E-B0B94FFF0A89\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEFEEACE-5BED-4507-A770-69D36F478791\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"860B073C-AC50-473C-9650-7421F3638FB1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B44C3F2-5AC4-4D05-BAF0-EFDFB3FDC3BC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2BBC265-7026-469B-BB30-D7DB7A334A65\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"08E99F4C-6BB5-415E-A5F3-285A3219EEF0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"03E24F1B-C999-4C02-BFDD-00F1E2A53E45\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"75D365CB-5BDA-4387-AA3E-2F02B552162F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:30.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E80E3184-345D-4C78-ABAA-94B3D9A53252\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:30.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F654A04-B949-415D-982A-7341486B2B01\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:30.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CEF9F58F-1387-4D84-932F-8CC8F380E797\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_cf:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"262\",\"matchCriteriaId\":\"DFB1693A-98D4-47AB-ADD3-A8412AD24F7E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"4.2.0\",\"matchCriteriaId\":\"FF552C5A-2298-43F4-AF70-20E9E4B402D4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.2.5.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"942E59F5-172F-4802-81AE-D43E72189889\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ACFDEF8D-9BE5-43ED-8E1D-2B63A1294EDF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"504AA7E0-D1F5-4097-B53B-F0E36328B1EB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0DCD6CB7-5D49-4897-8353-44E5B08D9375\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B1B4C4EB-3337-4053-BA4B-93A849263A42\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9339A684-B1F0-4110-9E48-A04BED74DC2C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F35CCB74-63A3-4F95-9EAE-ADC5A8BACB99\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2A1BAE9-FCB6-458E-A1A6-03F0AB742E5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2261C887-8179-4BBA-A2CF-174F8F3017FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6EED2616-E58D-4604-BBBC-AC24BCA068A7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"916733EA-F51A-49E2-9D47-9B713B36C847\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA1887F9-EB71-41AE-9E45-DD86A54AA958\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E7D01A32-98DA-4F7F-B7A0-D1695478C208\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4C57AACB-1ECA-4047-A8AA-D768DA54BB86\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D164FF1-D85D-4800-A726-465A32974BEF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6CAC5B15-895E-43CA-AFE1-EE7E06EF08D2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"10286C78-A413-4FD3-B7F7-39C17A50D75C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8D022F9B-4877-4A97-AE22-BAF579B38DE6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"87D2BF0D-963C-430F-A4FE-F452F15035BE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D8C3C5E-E942-483A-A914-CC57DDCB6EAB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8D1773D7-B165-414D-9374-9AC8401CE461\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D741750F-DC85-4701-90F7-4AE00DB04B0C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E126E318-6572-4BC3-8FA4-835AC49432C8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3A5B622B-C14C-4160-ACFD-CD2AB3786828\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EBE0A85A-5B1A-49E0-8FC7-4A68505B6506\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A8E3CEAB-E58E-4870-A719-F46D6DE2E710\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3DEDD149-4BBB-47A1-8E23-2247DCF9C13C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"225B90A0-757D-4406-9EC1-A31968CC7F87\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FC8157B8-A26B-4148-A02A-DBEC662FE701\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3F74AEAE-D823-4B1A-9979-0739F6BA17CD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"21FC35CD-79D1-4279-B719-6398C6636113\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5053FDB3-E711-434A-A6A6-4C580A2FF43A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6955DB34-FA12-41A6-A90F-456777ADEB81\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B92D875-509C-42BE-90E4-112C94170199\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"166C908D-7D5F-43DD-B3EA-BAFF23DBBDAC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B83917A-D326-4874-AD82-0DBD131DC0EC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5C19F44-AB0F-44BB-A298-F81B853FA71D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B981590F-0649-4BBA-AB5F-CC5C7858DFF7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A36B9F9-6D45-4D84-869A-25131BF482BD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FADC5C69-1910-4D19-97B2-B44A594B8B34\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B5314895-961D-4D2B-A0C9-1B23C03317CF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DA5A5B1C-7111-464E-9F49-D13621233AC0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A6E52B8-7635-4376-AFAD-935DB44B923C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C97CB502-CE1E-4B63-88D0-7A826C825B84\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4F3AAD33-275B-4FF1-9434-BEE85543F7B3\"}]}]}],\"references\":[{\"url\":\"https://www.cloudfoundry.org/cve-2017-4994/\",\"source\":\"security_alert@emc.com\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://www.cloudfoundry.org/cve-2017-4994/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]}]}}"
  }
}

gsd-2017-4994

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2017-4994

Aliases

CVE-2017-4994

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-4994",
    "description": "An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v263; UAA release 2.x versions prior to v2.7.4.18, 3.6.x versions prior to v3.6.12, 3.9.x versions prior to v3.9.14, and other versions prior to v4.3.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.16, 24.x versions prior to v24.11, 30.x versions prior to 30.4, and other versions prior to v40. There was an issue with forwarded http headers in UAA that could result in account corruption.",
    "id": "GSD-2017-4994"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-4994"
      ],
      "details": "An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v263; UAA release 2.x versions prior to v2.7.4.18, 3.6.x versions prior to v3.6.12, 3.9.x versions prior to v3.9.14, and other versions prior to v4.3.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.16, 24.x versions prior to v24.11, 30.x versions prior to 30.4, and other versions prior to v40. There was an issue with forwarded http headers in UAA that could result in account corruption.",
      "id": "GSD-2017-4994",
      "modified": "2023-12-13T01:21:02.860140Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security_alert@emc.com",
        "ID": "CVE-2017-4994",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Cloud Foundry",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Cloud Foundry"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v263; UAA release 2.x versions prior to v2.7.4.18, 3.6.x versions prior to v3.6.12, 3.9.x versions prior to v3.9.14, and other versions prior to v4.3.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.16, 24.x versions prior to v24.11, 30.x versions prior to 30.4, and other versions prior to v40. There was an issue with forwarded http headers in UAA that could result in account corruption."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Forwarded Headers in UAA"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.cloudfoundry.org/cve-2017-4994/",
            "refsource": "CONFIRM",
            "url": "https://www.cloudfoundry.org/cve-2017-4994/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "39",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:30:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_cf:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "262",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.2.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:30.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:30.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:30.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.2.5.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@dell.com",
          "ID": "CVE-2017-4994"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v263; UAA release 2.x versions prior to v2.7.4.18, 3.6.x versions prior to v3.6.12, 3.9.x versions prior to v3.9.14, and other versions prior to v4.3.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.16, 24.x versions prior to v24.11, 30.x versions prior to 30.4, and other versions prior to v40. There was an issue with forwarded http headers in UAA that could result in account corruption."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.cloudfoundry.org/cve-2017-4994/",
              "refsource": "CONFIRM",
              "tags": [
                "Mitigation",
                "Vendor Advisory"
              ],
              "url": "https://www.cloudfoundry.org/cve-2017-4994/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2021-08-06T13:07Z",
      "publishedDate": "2017-06-13T06:29Z"
    }
  }
}

ghsa-75xv-v35m-f8rh

Vulnerability from github

Published

2022-05-13 01:07

Modified

2022-05-13 01:07

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-4994"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-06-13T06:29:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v263; UAA release 2.x versions prior to v2.7.4.18, 3.6.x versions prior to v3.6.12, 3.9.x versions prior to v3.9.14, and other versions prior to v4.3.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.16, 24.x versions prior to v24.11, 30.x versions prior to 30.4, and other versions prior to v40. There was an issue with forwarded http headers in UAA that could result in account corruption.",
  "id": "GHSA-75xv-v35m-f8rh",
  "modified": "2022-05-13T01:07:25Z",
  "published": "2022-05-13T01:07:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-4994"
    },
    {
      "type": "WEB",
      "url": "https://www.cloudfoundry.org/cve-2017-4994"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

fkie_cve-2017-4994

Vulnerability from fkie_nvd

Published

2017-06-13 06:29

Modified

2024-11-21 03:26

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Summary

References

▼	URL	Tags
	security_alert@emc.com	https://www.cloudfoundry.org/cve-2017-4994/	Mitigation, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.cloudfoundry.org/cve-2017-4994/	Mitigation, Vendor Advisory

Impacted products

Vendor	Product	Version
cloudfoundry	cloud_foundry_uaa_bosh	*
cloudfoundry	cloud_foundry_uaa_bosh	13.1
cloudfoundry	cloud_foundry_uaa_bosh	13.2
cloudfoundry	cloud_foundry_uaa_bosh	13.3
cloudfoundry	cloud_foundry_uaa_bosh	13.4
cloudfoundry	cloud_foundry_uaa_bosh	13.5
cloudfoundry	cloud_foundry_uaa_bosh	13.6
cloudfoundry	cloud_foundry_uaa_bosh	13.7
cloudfoundry	cloud_foundry_uaa_bosh	13.8
cloudfoundry	cloud_foundry_uaa_bosh	13.9
cloudfoundry	cloud_foundry_uaa_bosh	13.10
cloudfoundry	cloud_foundry_uaa_bosh	13.11
cloudfoundry	cloud_foundry_uaa_bosh	13.12
cloudfoundry	cloud_foundry_uaa_bosh	13.13
cloudfoundry	cloud_foundry_uaa_bosh	13.14
cloudfoundry	cloud_foundry_uaa_bosh	13.15
cloudfoundry	cloud_foundry_uaa_bosh	24
cloudfoundry	cloud_foundry_uaa_bosh	24.1
cloudfoundry	cloud_foundry_uaa_bosh	24.2
cloudfoundry	cloud_foundry_uaa_bosh	24.3
cloudfoundry	cloud_foundry_uaa_bosh	24.4
cloudfoundry	cloud_foundry_uaa_bosh	24.5
cloudfoundry	cloud_foundry_uaa_bosh	24.6
cloudfoundry	cloud_foundry_uaa_bosh	24.7
cloudfoundry	cloud_foundry_uaa_bosh	24.8
cloudfoundry	cloud_foundry_uaa_bosh	24.9
cloudfoundry	cloud_foundry_uaa_bosh	24.10
cloudfoundry	cloud_foundry_uaa_bosh	30
cloudfoundry	cloud_foundry_uaa_bosh	30.1
cloudfoundry	cloud_foundry_uaa_bosh	30.2
cloudfoundry	cloud_foundry_uaa_bosh	30.3
pivotal_software	cloud_foundry_cf	*
pivotal_software	cloud_foundry_uaa	*
pivotal_software	cloud_foundry_uaa	2.2.5.4
pivotal_software	cloud_foundry_uaa	2.7.1
pivotal_software	cloud_foundry_uaa	2.7.2
pivotal_software	cloud_foundry_uaa	2.7.3
pivotal_software	cloud_foundry_uaa	2.7.4
pivotal_software	cloud_foundry_uaa	2.7.4.1
pivotal_software	cloud_foundry_uaa	2.7.4.2
pivotal_software	cloud_foundry_uaa	2.7.4.3
pivotal_software	cloud_foundry_uaa	2.7.4.4
pivotal_software	cloud_foundry_uaa	2.7.4.5
pivotal_software	cloud_foundry_uaa	2.7.4.6
pivotal_software	cloud_foundry_uaa	2.7.4.7
pivotal_software	cloud_foundry_uaa	2.7.4.8
pivotal_software	cloud_foundry_uaa	2.7.4.9
pivotal_software	cloud_foundry_uaa	2.7.4.11
pivotal_software	cloud_foundry_uaa	2.7.4.12
pivotal_software	cloud_foundry_uaa	2.7.4.13
pivotal_software	cloud_foundry_uaa	2.7.4.14
pivotal_software	cloud_foundry_uaa	2.7.4.15
pivotal_software	cloud_foundry_uaa	2.7.4.16
pivotal_software	cloud_foundry_uaa	2.7.4.17
pivotal_software	cloud_foundry_uaa	3.6.1
pivotal_software	cloud_foundry_uaa	3.6.2
pivotal_software	cloud_foundry_uaa	3.6.3
pivotal_software	cloud_foundry_uaa	3.6.4
pivotal_software	cloud_foundry_uaa	3.6.5
pivotal_software	cloud_foundry_uaa	3.6.6
pivotal_software	cloud_foundry_uaa	3.6.7
pivotal_software	cloud_foundry_uaa	3.6.8
pivotal_software	cloud_foundry_uaa	3.6.9
pivotal_software	cloud_foundry_uaa	3.6.10
pivotal_software	cloud_foundry_uaa	3.6.11
pivotal_software	cloud_foundry_uaa	3.9.1
pivotal_software	cloud_foundry_uaa	3.9.2
pivotal_software	cloud_foundry_uaa	3.9.3
pivotal_software	cloud_foundry_uaa	3.9.4
pivotal_software	cloud_foundry_uaa	3.9.5
pivotal_software	cloud_foundry_uaa	3.9.6
pivotal_software	cloud_foundry_uaa	3.9.7
pivotal_software	cloud_foundry_uaa	3.9.8
pivotal_software	cloud_foundry_uaa	3.9.9
pivotal_software	cloud_foundry_uaa	3.9.10
pivotal_software	cloud_foundry_uaa	3.9.11
pivotal_software	cloud_foundry_uaa	3.9.12
pivotal_software	cloud_foundry_uaa	3.9.13

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "641CFBD1-D8D0-4F7E-BAFD-59A51F3FD353",
              "versionEndIncluding": "39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C24E2CE5-6DBA-4B45-951D-0F7189C9A94D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0EB01AB-A033-4DCC-B433-0674078E31DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "749B1CBF-6297-4F4D-970D-25D1D0A88AE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C369E22-27DF-40B3-B94F-45DFC47E6A60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "15A2FE05-FC02-4FC1-B9B3-40E4EC62C5D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A4975D0-2C4D-4883-A849-D434FB8A7E2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E85B347-27E2-4EF9-9CF0-13902EC4741D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "93081AC1-C07E-4E6D-8B1E-8D561461FEB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4F6208B-7FA5-4177-8942-2037BEE99546",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD8DA4C6-BCA9-4959-82FC-2596C6EBD6E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8120A442-6A3D-4918-A829-A84B2B9694E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D7AF658-FFBB-49AB-8A44-9989A7FEC707",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC42F184-AFEC-4992-BFEF-B410CDF1452A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "147C8C7B-F6C6-4338-A181-BF450C53C14B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "555B74DE-E5D6-493B-96B4-87C636104B64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24:*:*:*:*:*:*:*",
              "matchCriteriaId": "A090F790-1A28-4238-8727-3F9475706A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEFE0727-C152-4726-A70E-C75BACD31071",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "38D708B8-485D-445E-8A21-474A500F1184",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4B8A221-8740-4D35-871D-EABDB2F8332D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A426C1DD-0C64-468A-B96E-B0B94FFF0A89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEFEEACE-5BED-4507-A770-69D36F478791",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "860B073C-AC50-473C-9650-7421F3638FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B44C3F2-5AC4-4D05-BAF0-EFDFB3FDC3BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2BBC265-7026-469B-BB30-D7DB7A334A65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "08E99F4C-6BB5-415E-A5F3-285A3219EEF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "03E24F1B-C999-4C02-BFDD-00F1E2A53E45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:30:*:*:*:*:*:*:*",
              "matchCriteriaId": "75D365CB-5BDA-4387-AA3E-2F02B552162F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:30.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E80E3184-345D-4C78-ABAA-94B3D9A53252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:30.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F654A04-B949-415D-982A-7341486B2B01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:30.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEF9F58F-1387-4D84-932F-8CC8F380E797",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_cf:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFB1693A-98D4-47AB-ADD3-A8412AD24F7E",
              "versionEndIncluding": "262",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF552C5A-2298-43F4-AF70-20E9E4B402D4",
              "versionEndIncluding": "4.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.2.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "942E59F5-172F-4802-81AE-D43E72189889",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACFDEF8D-9BE5-43ED-8E1D-2B63A1294EDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "504AA7E0-D1F5-4097-B53B-F0E36328B1EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0DCD6CB7-5D49-4897-8353-44E5B08D9375",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1B4C4EB-3337-4053-BA4B-93A849263A42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9339A684-B1F0-4110-9E48-A04BED74DC2C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F35CCB74-63A3-4F95-9EAE-ADC5A8BACB99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2A1BAE9-FCB6-458E-A1A6-03F0AB742E5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2261C887-8179-4BBA-A2CF-174F8F3017FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EED2616-E58D-4604-BBBC-AC24BCA068A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "916733EA-F51A-49E2-9D47-9B713B36C847",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA1887F9-EB71-41AE-9E45-DD86A54AA958",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7D01A32-98DA-4F7F-B7A0-D1695478C208",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C57AACB-1ECA-4047-A8AA-D768DA54BB86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D164FF1-D85D-4800-A726-465A32974BEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CAC5B15-895E-43CA-AFE1-EE7E06EF08D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "10286C78-A413-4FD3-B7F7-39C17A50D75C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D022F9B-4877-4A97-AE22-BAF579B38DE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "87D2BF0D-963C-430F-A4FE-F452F15035BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D8C3C5E-E942-483A-A914-CC57DDCB6EAB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D1773D7-B165-414D-9374-9AC8401CE461",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D741750F-DC85-4701-90F7-4AE00DB04B0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E126E318-6572-4BC3-8FA4-835AC49432C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A5B622B-C14C-4160-ACFD-CD2AB3786828",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBE0A85A-5B1A-49E0-8FC7-4A68505B6506",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8E3CEAB-E58E-4870-A719-F46D6DE2E710",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DEDD149-4BBB-47A1-8E23-2247DCF9C13C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "225B90A0-757D-4406-9EC1-A31968CC7F87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC8157B8-A26B-4148-A02A-DBEC662FE701",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F74AEAE-D823-4B1A-9979-0739F6BA17CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "21FC35CD-79D1-4279-B719-6398C6636113",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "5053FDB3-E711-434A-A6A6-4C580A2FF43A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6955DB34-FA12-41A6-A90F-456777ADEB81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B92D875-509C-42BE-90E4-112C94170199",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "166C908D-7D5F-43DD-B3EA-BAFF23DBBDAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B83917A-D326-4874-AD82-0DBD131DC0EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5C19F44-AB0F-44BB-A298-F81B853FA71D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B981590F-0649-4BBA-AB5F-CC5C7858DFF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A36B9F9-6D45-4D84-869A-25131BF482BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "FADC5C69-1910-4D19-97B2-B44A594B8B34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5314895-961D-4D2B-A0C9-1B23C03317CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA5A5B1C-7111-464E-9F49-D13621233AC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A6E52B8-7635-4376-AFAD-935DB44B923C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "C97CB502-CE1E-4B63-88D0-7A826C825B84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F3AAD33-275B-4FF1-9434-BEE85543F7B3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v263; UAA release 2.x versions prior to v2.7.4.18, 3.6.x versions prior to v3.6.12, 3.9.x versions prior to v3.9.14, and other versions prior to v4.3.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.16, 24.x versions prior to v24.11, 30.x versions prior to 30.4, and other versions prior to v40. There was an issue with forwarded http headers in UAA that could result in account corruption."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema en cf-release versiones anteriores a 263; UAA release versiones 2.x anteriores a 2.7.4.18, versiones 3.6.x anteriores a 3.6.12, versiones 3.9.x anteriores a 3.9.14, y otras versiones anteriores a 4.3.0; y UAA bosh release (uaa-release) versiones 13.x anteriores a 13.16, versiones 24.x anteriores a 24.11, versiones 30.x anteriores a 30.4 y otras versiones anteriores a 40 de Cloud Foundry Foundation. Se present\u00f3 un problema con los encabezados http reenviados en UAA que podr\u00eda resultar en corrupci\u00f3n de la cuenta."
    }
  ],
  "id": "CVE-2017-4994",
  "lastModified": "2024-11-21T03:26:49.473",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-06-13T06:29:00.800",
  "references": [
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://www.cloudfoundry.org/cve-2017-4994/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://www.cloudfoundry.org/cve-2017-4994/"
    }
  ],
  "sourceIdentifier": "security_alert@emc.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2017-4994

Vulnerability from cvelistv5

gsd-2017-4994

Vulnerability from gsd

ghsa-75xv-v35m-f8rh

Vulnerability from github

fkie_cve-2017-4994

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature