FKIE_CVE-2017-8037

Vulnerability from fkie_nvd - Published: 2017-08-21 22:29 - Updated: 2026-05-13 00:24
Severity
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
In Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.38.0 and cf-release versions after v244 and prior to v270, there is an incomplete fix for CVE-2017-8035. If you took steps to remediate CVE-2017-8035 you should also upgrade to fix this CVE. A carefully crafted CAPI request from a Space Developer can allow them to gain access to files on the Cloud Controller VM for that installation, aka an Information Leak / Disclosure.
References
security_alert@emc.comhttp://www.securityfocus.com/bid/100448
security_alert@emc.comhttps://www.cloudfoundry.org/cve-2017-8037/Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/100448
af854a3a-2127-422b-91ae-364da2661108https://www.cloudfoundry.org/cve-2017-8037/Vendor Advisory
Impacted products
Vendor Product Version
cloudfoundry capi-release 1.7.0
cloudfoundry capi-release 1.8.0
cloudfoundry capi-release 1.9.0
cloudfoundry capi-release 1.10.0
cloudfoundry capi-release 1.11.0
cloudfoundry capi-release 1.12.0
cloudfoundry capi-release 1.13.0
cloudfoundry capi-release 1.14.0
cloudfoundry capi-release 1.15.0
cloudfoundry capi-release 1.16.0
cloudfoundry capi-release 1.17.0
cloudfoundry capi-release 1.18.0
cloudfoundry capi-release 1.19.0
cloudfoundry capi-release 1.20.0
cloudfoundry capi-release 1.21.0
cloudfoundry capi-release 1.22.0
cloudfoundry capi-release 1.23.0
cloudfoundry capi-release 1.24.0
cloudfoundry capi-release 1.25.0
cloudfoundry capi-release 1.26.0
cloudfoundry capi-release 1.27.0
cloudfoundry capi-release 1.28.0
cloudfoundry capi-release 1.29.0
cloudfoundry capi-release 1.30.0
cloudfoundry capi-release 1.31.0
cloudfoundry capi-release 1.32.0
cloudfoundry capi-release 1.33.0
cloudfoundry capi-release 1.34.0
cloudfoundry capi-release 1.35.0
cloudfoundry capi-release 1.36.0
cloudfoundry capi-release 1.37.0
cloudfoundry cf-release 245
cloudfoundry cf-release 246
cloudfoundry cf-release 247
cloudfoundry cf-release 248
cloudfoundry cf-release 249
cloudfoundry cf-release 250
cloudfoundry cf-release 251
cloudfoundry cf-release 252
cloudfoundry cf-release 253
cloudfoundry cf-release 254
cloudfoundry cf-release 255
cloudfoundry cf-release 256
cloudfoundry cf-release 257
cloudfoundry cf-release 258
cloudfoundry cf-release 259
cloudfoundry cf-release 260
cloudfoundry cf-release 261
cloudfoundry cf-release 262
cloudfoundry cf-release 263
cloudfoundry cf-release 264
cloudfoundry cf-release 265
cloudfoundry cf-release 266
cloudfoundry cf-release 267
cloudfoundry cf-release 268
cloudfoundry cf-release 269
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F260594E-4032-406D-8B84-3E91400F86FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2D9350E-0AA5-4D9A-A41A-855B40E440D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A66A9C0A-9B42-4B7E-A4B7-F06601B67FB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "207F6A29-0A37-4CDD-8DB2-E6CD89204013",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3803207-D7A0-47E0-A357-314C245C5C13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "039156DB-D2DC-4AD5-9ACE-52095FE688BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7343B84E-3255-4BB4-A988-03BC9DC8D7E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3EB53101-EC12-49DE-8C3C-3B373C4FA1E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "15625A3E-61A4-4F7E-BFEC-7ED830AE41C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "38B7D6B1-2CB1-4FB1-BC63-3104391D2742",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.17.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4D9D5D4-14E4-404A-B88E-78C8A37CB9B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.18.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C56907A-3233-435F-933B-8E3ED4965BC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.19.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A33E86E4-BD1C-4D03-9AF4-7A86B0B5BCE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.20.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C409657C-0C4D-4873-B707-38AC618035CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.21.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "41CD5C38-E188-41DB-A811-27438525FDAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.22.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E3EC8F2-3520-4952-9541-3C56F6D131BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.23.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1671324-93EB-4409-9BA5-0D2D847C6A85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.24.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "45AC669D-3AED-48C2-ADA2-D1EE235FA793",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.25.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8970738B-E240-4C3E-A8F6-57FB66976B6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.26.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "00406C75-1032-49A3-9C4E-AC41F46CA778",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.27.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D464CFBC-5AEF-4B65-8616-8E31E8C856D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.28.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FE0978C-1BEC-4FCE-A625-0FF196B3E6C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.29.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B258E3E-2291-4180-9735-71EE2874250B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.30.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D416F421-66EB-4A80-BC1A-B99AE3F7E126",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.31.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D8DA9C5-C65C-467B-AD90-8B84E8EF9397",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.32.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D7F5A30-36EF-4F1D-B712-4F482F757CEA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.33.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8D55D28-676E-42C4-90A5-C9CE306D42C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.34.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "76369246-BE4B-4FAC-855B-8590C5C8DFBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.35.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F684CB9F-8079-452A-9F27-8F964C636AD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.36.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "772569FD-E641-42EB-A694-64EC4E7437E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.37.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "35A5003C-2FB9-4FA3-AC7E-038CD573A23C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cf-release:245:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DA6A56C-E0FE-4CB1-BE86-4C1E80D97265",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cf-release:246:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAF4D7D1-4C35-4F76-816D-3F2407804E85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cf-release:247:*:*:*:*:*:*:*",
              "matchCriteriaId": "D852D5F4-DDB4-4C76-88B6-EB49E21FEDC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cf-release:248:*:*:*:*:*:*:*",
              "matchCriteriaId": "B35C30C1-E2B9-4590-8765-1E0DA735E026",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cf-release:249:*:*:*:*:*:*:*",
              "matchCriteriaId": "3680FAA7-9B57-4A9A-BD20-68821A7D4FE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cf-release:250:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9F9A19A-9E31-4E4A-869C-9C13163A06C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cf-release:251:*:*:*:*:*:*:*",
              "matchCriteriaId": "F08095E9-1BA9-438F-B776-D75F419E682E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cf-release:252:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAE29D36-9A2E-4D87-8C0C-D8FC1034B027",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cf-release:253:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E227D42-19CA-45DD-AAC1-8D31537B5BFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cf-release:254:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC145421-17F6-438B-9C3F-8DED72F3B5B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cf-release:255:*:*:*:*:*:*:*",
              "matchCriteriaId": "5046C2CB-99C6-4243-B830-B3957910F1AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cf-release:256:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A07B320-7DC3-4E7B-8997-6606F8FCBEBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cf-release:257:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F7777A5-9136-49E4-9A6F-3C9A6687DAA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cf-release:258:*:*:*:*:*:*:*",
              "matchCriteriaId": "88C90B83-9597-427C-A941-06F0C5A8C3DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cf-release:259:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3D92B65-E45A-42EE-B0B9-AD69E1881E2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cf-release:260:*:*:*:*:*:*:*",
              "matchCriteriaId": "A98BAE4B-184F-49A4-89E1-4F270CC7FEC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cf-release:261:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7E78B11-B3E9-4D62-8F17-F2575D7F9181",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cf-release:262:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB5EF186-0D05-497D-A66C-142ED0DFA973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cf-release:263:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A262620-E71A-44C7-A1F4-BEEDF107BC2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cf-release:264:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9D721F9-227C-4F1D-9010-D1920F692228",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cf-release:265:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AE4BA55-963C-4EB1-AD85-344AAE107A82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cf-release:266:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E5827B3-143F-408B-A0C7-005079BD9215",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cf-release:267:*:*:*:*:*:*:*",
              "matchCriteriaId": "762BE4A1-931B-4C44-94C8-F5DC894CFD1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cf-release:268:*:*:*:*:*:*:*",
              "matchCriteriaId": "735E1016-97F0-4286-955F-6017A2F8AD79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cf-release:269:*:*:*:*:*:*:*",
              "matchCriteriaId": "F021AB15-30F0-46DE-B613-11E3D4C9FD50",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.38.0 and cf-release versions after v244 and prior to v270, there is an incomplete fix for CVE-2017-8035. If you took steps to remediate CVE-2017-8035 you should also upgrade to fix this CVE. A carefully crafted CAPI request from a Space Developer can allow them to gain access to files on the Cloud Controller VM for that installation, aka an Information Leak / Disclosure."
    },
    {
      "lang": "es",
      "value": "En Cloud Foundry Foundation CAPI-release en versiones posteriores a la v1.6.0 y anteriores a la v1.38.0 y cf-release en versiones posteriores a la v244 y anteriores a la v270 hay una soluci\u00f3n incompleta para CVE-2017-8035. Si ha emprendido acciones para solucionar CVE-2017-8035, tambi\u00e9n deber\u00eda actualizar para solucionar este CVE. Una petici\u00f3n CAPI especialmente manipulada desde un Space Developer puede permitir que atacantes obtengan acceso al Cloud Controller VM para tal instalaci\u00f3n. Esto tambi\u00e9n se conoce como (Fuga/Divulgaci\u00f3n de Informaci\u00f3n)."
    }
  ],
  "id": "CVE-2017-8037",
  "lastModified": "2026-05-13T00:24:29.033",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-08-21T22:29:00.183",
  "references": [
    {
      "source": "security_alert@emc.com",
      "url": "http://www.securityfocus.com/bid/100448"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.cloudfoundry.org/cve-2017-8037/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/100448"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.cloudfoundry.org/cve-2017-8037/"
    }
  ],
  "sourceIdentifier": "security_alert@emc.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.