CVE-2016-0896

Published: Sep 18, 2016Modified: May 6, 2026

7.3

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Exploitability: 3.9 / Impact: 3.4

Source: NVD

Description

Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.34 and 1.7.x before 1.7.12 places 169.254.0.0/16 in the all_open Application Security Group, which might allow remote attackers to bypass intended network-connectivity restrictions by leveraging access to the 169.254.169.254 address.

Affected (13)

Products: Pivotal Software: Cloud Foundry Elastic Runtime

Pivotal Software

1 product

Cloud Foundry Elastic Runtime

Configuration A

13 vulnerable

Vulnerable Software	Affected Versions
Pivotal Software Cloud Foundry Elastic Runtime	Up to 1.6.33
Pivotal Software Cloud Foundry Elastic Runtime	Version 1.7.0
Pivotal Software Cloud Foundry Elastic Runtime	Version 1.7.10
Pivotal Software Cloud Foundry Elastic Runtime	Version 1.7.11
Pivotal Software Cloud Foundry Elastic Runtime	Version 1.7.1
Pivotal Software Cloud Foundry Elastic Runtime	Version 1.7.2
Pivotal Software Cloud Foundry Elastic Runtime	Version 1.7.3
Pivotal Software Cloud Foundry Elastic Runtime	Version 1.7.4
Pivotal Software Cloud Foundry Elastic Runtime	Version 1.7.5
Pivotal Software Cloud Foundry Elastic Runtime	Version 1.7.6
Pivotal Software Cloud Foundry Elastic Runtime	Version 1.7.7
Pivotal Software Cloud Foundry Elastic Runtime	Version 1.7.8
Pivotal Software Cloud Foundry Elastic Runtime	Version 1.7.9

Related CWEs

CWE-254

References (4)

http://www.securityfocus.com/bid/92161

Source: security_alert@emc.com

https://pivotal.io/security/cve-2016-0896

Source: security_alert@emc.com

MitigationVendor Advisory

http://www.securityfocus.com/bid/92161

Source: af854a3a-2127-422b-91ae-364da2661108

https://pivotal.io/security/cve-2016-0896

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationVendor Advisory

Timeline

No history available yet.