CVE-2016-6655 Utility Script Command Injection


Share

CVE-2016-6655 Utility Script Command Injection

Severity

Critical

Vendor

Cloud Foundry Foundation

Versions Affected

  • Cloud Foundry release versions prior to v245
  • cf-mysql-release versions prior to v31

Description

A command injection vulnerability was discovered in a common script used by many Cloud Foundry components. A malicious user may exploit numerous vectors to execute arbitrary commands on servers running Cloud Foundry.

Mitigation

OSS users are strongly encouraged to follow the mitigations below:

  • Upgrade to Cloud Foundry v245 [1] or later
  • Upgrade to cf-mysql-release v31 [2] or later

Credit

IBM Bluemix Team

References

  • [1] https://github.com/cloudfoundry/cf-release/releases/tag/v245
  • [2] https://github.com/cloudfoundry/cf-mysql-release/releases/tag/v31
Cloud Foundry Foundation Security Team Profile Image

Cloud Foundry Foundation Security Team, AUTHOR

SEE ALL ARTICLES