Cloud Foundry Blog

Your one-stop shop for the latest Cloud Foundry tutorials, platform updates & more.



USN-2943-1 PCRE vulnerabilities

Severity: Low/Medium
Vendor: Canonical Ubuntu
Versions Affected: Ubuntu 14.04 LTS
Description: It was discovered that PCRE incorrectly handled certain regular expressions. A remote attacker could use this issue to cause applications using PCRE to crash, resulting in a denial of service, or possibly execute arbitrary code.
Affected Products and Versions: Severity is …

CVE-2017-4973: Privilege Escalation in UAA

Severity: High
Vendor: Cloud Foundry Foundation
Versions Affected:
  cf-release versions prior to v257
  UAA release: 2.x versions prior to v2.7.4.14; 3.6.x versions prior to v3.6.8; 3.9.x versions prior to v3.9.10; other versions prior to v3.15.0
  UAA bosh release (uaa-release): 13.x versions prior to v13.12; 24.x versions prior to v24.7; other …

CVE-2017-4972: Blind SQL Injection in UAA

Severity: High
Vendor: Cloud Foundry Foundation
Versions Affected:
  cf-release versions prior to v257
  UAA release: 2.x versions prior to v2.7.4.14; 3.6.x versions prior to v3.6.8; 3.9.x versions prior to v3.9.10; other versions prior to v3.15.0
  UAA bosh release (uaa-release): 13.x versions prior to v13.12; 24.x versions prior to v24.7 …

CVE-2017-4969: Bug in CC allows users to exceed quotas

Severity: High
Vendor: Cloud Foundry Foundation
Versions Affected: cf-release versions prior to v255
Description: The Cloud Foundry Cloud Controller allows authenticated developer users to exceed memory and disk quotas for tasks.
Mitigation: OSS users are strongly encouraged to follow one of the mitigations below: Upgrade to …

USN-3256-2: Linux kernel (HWE) vulnerability

Severity: High
Vendor: Canonical Ubuntu
Versions Affected: Canonical Ubuntu 14.04
Description: USN-3256-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 16.10. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel for each of the respective prior Ubuntu LTS releases. …

CVE-2017-4970: Static file buildpack ignores basic authentication when misconfigured

Severity: High
Vendor: Cloud Foundry Foundation
Versions Affected: cf-release v255; Staticfile buildpack versions v1.4.0 – v1.4.3
Description: A regression introduced in the Staticfile buildpack causes the Staticfile.auth configuration to be ignored when the Staticfile file is not present in the application root. Applications containing a Staticfile.auth file …

CVE-2015-3281 HAProxy vulnerabilities

Severity: Medium
Vendor: HAProxy
Versions Affected: HAProxy 1.5.x
Description: It was discovered that HAProxy incorrectly handled certain buffers. A remote attacker could possibly use this issue to obtain sensitive information belonging to previous requests.
Affected Products and Versions: Severity is medium unless otherwise noted. cf-release versions prior to v252; routing-release versions prior …

USN-3232-1: ImageMagick vulnerabilities

Severity: Medium
Vendor: Canonical Ubuntu
Versions Affected: Canonical Ubuntu 14.04
Description: It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute …

USN-3241-1: audiofile vulnerabilities

Severity: Medium
Vendor: Canonical Ubuntu
Versions Affected: Canonical Ubuntu 14.04
Description: Agostino Sarubbo discovered that audiofile incorrectly handled certain malformed audio files. If a user or automated system were tricked into processing a specially crafted audio file, a remote attacker could cause applications linked against audiofile to crash, leading to a denial …

USN-3243-1: Git vulnerability

Severity: Medium
Vendor: Canonical Ubuntu
Versions Affected: Canonical Ubuntu 14.04
Description: It was discovered that Git incorrectly sanitized branch names in the PS1 variable when configured to display the repository status in the shell prompt. If a user were tricked into exploring a malicious repository, a remote attacker could use this issue …