Vulnerability-Lookup

CNVD-2016-05065

Vulnerability from cnvd - Published: 2016-07-21

Title

Pivotal Cloud Foundry Elastic Runtime开放重定向漏洞

Description

Pivotal Cloud Foundry是美国Pivotal Software公司的一套开源的平台即服务（PaaS）云计算平台，它提供容器调度、持续交付和自动化服务部署等功能。Elastic Runtime是Pivotal Cloud Foundry的一个运行环境。 Pivotal Cloud Foundry Elastic Runtime 1.6.30之前的1.6.x版本和1.7.8之前的1.7.x版本中存在开放重定向漏洞。攻击者可构造特制的URI利用该漏洞诱使用户点击链接，可被重定向到攻击者控制的网站，实施钓鱼攻击。

Severity

中

Patch Name

Pivotal Cloud Foundry Elastic Runtime开放重定向漏洞的补丁

Patch Description

Formal description

用户可参考如下厂商提供的安全补丁以修复该漏洞： http://pivotal.io/

Reference

http://www.securityfocus.com/bid/91550

Impacted products

Name
['Pivotal Software Cloud Foundry Elastic Runtime 1.7.*，<1.7.8', 'Pivotal Software Cloud Foundry Elastic Runtime 1.6.x，<1.6.30']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "91550"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-0928"
    }
  },
  "description": "Pivotal Cloud Foundry\u662f\u7f8e\u56fdPivotal Software\u516c\u53f8\u7684\u4e00\u5957\u5f00\u6e90\u7684\u5e73\u53f0\u5373\u670d\u52a1\uff08PaaS\uff09\u4e91\u8ba1\u7b97\u5e73\u53f0\uff0c\u5b83\u63d0\u4f9b\u5bb9\u5668\u8c03\u5ea6\u3001\u6301\u7eed\u4ea4\u4ed8\u548c\u81ea\u52a8\u5316\u670d\u52a1\u90e8\u7f72\u7b49\u529f\u80fd\u3002Elastic Runtime\u662fPivotal Cloud Foundry\u7684\u4e00\u4e2a\u8fd0\u884c\u73af\u5883\u3002\r\n\r\nPivotal Cloud Foundry Elastic Runtime 1.6.30\u4e4b\u524d\u76841.6.x\u7248\u672c\u548c1.7.8\u4e4b\u524d\u76841.7.x\u7248\u672c\u4e2d\u5b58\u5728\u5f00\u653e\u91cd\u5b9a\u5411\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u6784\u9020\u7279\u5236\u7684URI\u5229\u7528\u8be5\u6f0f\u6d1e\u8bf1\u4f7f\u7528\u6237\u70b9\u51fb\u94fe\u63a5\uff0c\u53ef\u88ab\u91cd\u5b9a\u5411\u5230\u653b\u51fb\u8005\u63a7\u5236\u7684\u7f51\u7ad9\uff0c\u5b9e\u65bd\u9493\u9c7c\u653b\u51fb\u3002",
  "discovererName": "San Tran, Digital Transformation Office, Australian Government and Joe Blac and Dor Tumarkin, Cisco Security consultants.",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttp://pivotal.io/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-05065",
  "openTime": "2016-07-21",
  "patchDescription": "Pivotal Cloud Foundry\u662f\u7f8e\u56fdPivotal Software\u516c\u53f8\u7684\u4e00\u5957\u5f00\u6e90\u7684\u5e73\u53f0\u5373\u670d\u52a1\uff08PaaS\uff09\u4e91\u8ba1\u7b97\u5e73\u53f0\uff0c\u5b83\u63d0\u4f9b\u5bb9\u5668\u8c03\u5ea6\u3001\u6301\u7eed\u4ea4\u4ed8\u548c\u81ea\u52a8\u5316\u670d\u52a1\u90e8\u7f72\u7b49\u529f\u80fd\u3002Elastic Runtime\u662fPivotal Cloud Foundry\u7684\u4e00\u4e2a\u8fd0\u884c\u73af\u5883\u3002\r\n\r\nPivotal Cloud Foundry Elastic Runtime 1.6.30\u4e4b\u524d\u76841.6.x\u7248\u672c\u548c1.7.8\u4e4b\u524d\u76841.7.x\u7248\u672c\u4e2d\u5b58\u5728\u5f00\u653e\u91cd\u5b9a\u5411\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u6784\u9020\u7279\u5236\u7684URI\u5229\u7528\u8be5\u6f0f\u6d1e\u8bf1\u4f7f\u7528\u6237\u70b9\u51fb\u94fe\u63a5\uff0c\u53ef\u88ab\u91cd\u5b9a\u5411\u5230\u653b\u51fb\u8005\u63a7\u5236\u7684\u7f51\u7ad9\uff0c\u5b9e\u65bd\u9493\u9c7c\u653b\u51fb\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Pivotal Cloud Foundry Elastic Runtime\u5f00\u653e\u91cd\u5b9a\u5411\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Pivotal Software Cloud Foundry Elastic Runtime 1.7.*\uff0c\u003c1.7.8",
      "Pivotal Software Cloud Foundry Elastic Runtime 1.6.x\uff0c\u003c1.6.30"
    ]
  },
  "referenceLink": "http://www.securityfocus.com/bid/91550",
  "serverity": "\u4e2d",
  "submitTime": "2016-07-17",
  "title": "Pivotal Cloud Foundry Elastic Runtime\u5f00\u653e\u91cd\u5b9a\u5411\u6f0f\u6d1e"
}

CVE-2016-0928 (GCVE-0-2016-0928)

Vulnerability from cvelistv5 – Published: 2016-09-18 01:00 – Updated: 2024-08-05 22:38

Summary

Multiple open redirect vulnerabilities in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.30 and 1.7.x before 1.7.8 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

Severity

No CVSS data available.

CWE

Assigner

dell

References

2 references

URL	Tags
https://pivotal.io/security/cve-2016-0928	x_refsource_CONFIRM
http://www.securityfocus.com/bid/91550	vdb-entryx_refsource_BID

Date Public

2016-09-13 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T22:38:41.074Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://pivotal.io/security/cve-2016-0928"
          },
          {
            "name": "91550",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/91550"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-09-13T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple open redirect vulnerabilities in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.30 and 1.7.x before 1.7.8 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-11-25T19:57:01.000Z",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://pivotal.io/security/cve-2016-0928"
        },
        {
          "name": "91550",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/91550"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security_alert@emc.com",
          "ID": "CVE-2016-0928",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple open redirect vulnerabilities in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.30 and 1.7.x before 1.7.8 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://pivotal.io/security/cve-2016-0928",
              "refsource": "CONFIRM",
              "url": "https://pivotal.io/security/cve-2016-0928"
            },
            {
              "name": "91550",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/91550"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2016-0928",
    "datePublished": "2016-09-18T01:00:00.000Z",
    "dateReserved": "2015-12-17T00:00:00.000Z",
    "dateUpdated": "2024-08-05T22:38:41.074Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2016-05065

CVE-2016-0928 (GCVE-0-2016-0928)

Tags

Sightings

Nomenclature