CVE-2016-0708
- Source
- https://cve.org/CVERecord?id=CVE-2016-0708
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-0708.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2016-0708
- Published
- 2018-07-11T20:29:00.227Z
- Modified
- 2025-12-02T20:57:02.040039Z
- Severity
-
- 5.9 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Applications deployed to Cloud Foundry, versions v166 through v227, may be vulnerable to a remote disclosure of information, including, but not limited to environment variables and bound service details. For applications to be vulnerable, they must have been staged using automatic buildpack detection, passed through the Java Buildpack detection script, and allow the serving of static content from within the deployed artifact. The default Apache Tomcat configuration in the affected java buildpack versions for some basic web application archive (WAR) packaged applications are vulnerable to this issue.
- References
Affected packages
Git / github.com/cloudfoundry/cf-release
Affected ranges
- Type
- GIT
- Repo
- https://github.com/cloudfoundry/cf-release
- Events
-
IntroducedLast affected
Affected versions
Other
v
v166
v168
v169
v170
v171
v172
v173
v175
v176
v177
v178
v179
v180
v182
v183
v186
v187
v188
v189
v190
v191
v192
v193
v194
v195
v196
v197
v198
v199
v200
v201
v202
v203
v204
v205
v206
v207
v208
v209
v210
v211
v212
v213
v214
v215
v217
v218
v219
v220
v221
v222
v223
v224
v225
v226
v227