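The OAuth authorization implementation in the following products mishandles redirect_uri subdomains, which allows remote attackers to obtain implicit access tokens via a modified subdomain: Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and 3.4.x before 3.4.4; UAA BOSH before 11.5 and 12.x before 12.5; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1.8.1; and Ops Manager 1.7.x before 1.7.13 and 1.8.x before 1.8.1. The implicit grant delivers the access token to the redirect_uri, so a redirect_uri whose host is not matched strictly against the client's registered value can send the token to a host the client does not control. Releases at or above the bounds listed here are outside the affected range.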
{
"unresolved_ranges": [
{
"cpe": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.10:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "1.6.10"
}
],
"source": "CPE_FIELD"
},
{
"cpe": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.11:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "1.6.11"
}
],
"source": "CPE_FIELD"
},
{
"cpe": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.12:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "1.6.12"
}
],
"source": "CPE_FIELD"
},
{
"cpe": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.13:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "1.6.13"
}
],
"source": "CPE_FIELD"
},
{
"cpe": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.14:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "1.6.14"
}
],
"source": "CPE_FIELD"
},
{
"cpe": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.15:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "1.6.15"
}
],
"source": "CPE_FIELD"
},
{
"cpe": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.17:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "1.6.17"
}
],
"source": "CPE_FIELD"
},
{
"cpe": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.18:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "1.6.18"
}
],
"source": "CPE_FIELD"
},
{
"cpe": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.19:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "1.6.19"
}
],
"source": "CPE_FIELD"
},
{
"cpe": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.20:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "1.6.20"
}
],
"source": "CPE_FIELD"
},
{
"cpe": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.21:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "1.6.21"
}
],
"source": "CPE_FIELD"
},
{
"cpe": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.22:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "1.6.22"
}
],
"source": "CPE_FIELD"
},
{
"cpe": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.23:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "1.6.23"
}
],
"source": "CPE_FIELD"
},
{
"cpe": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.25:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "1.6.25"
}
],
"source": "CPE_FIELD"
},
{
"cpe": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.26:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "1.6.26"
}
],
"source": "CPE_FIELD"
},
{
"cpe": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.27:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "1.6.27"
}
],
"source": "CPE_FIELD"
},
{
"cpe": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.28:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "1.6.28"
}
],
"source": "CPE_FIELD"
},
{
"cpe": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.29:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "1.6.29"
}
],
"source": "CPE_FIELD"
},
{
"cpe": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.30:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "1.6.30"
}
],
"source": "CPE_FIELD"
},
{
"cpe": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.31:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "1.6.31"
}
],
"source": "CPE_FIELD"
},
{
"cpe": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.32:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "1.6.32"
}
],
"source": "CPE_FIELD"
},
{
"cpe": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.33:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "1.6.33"
}
],
"source": "CPE_FIELD"
},
{
"cpe": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.34:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "1.6.34"
}
],
"source": "CPE_FIELD"
},
{
"cpe": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.35:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "1.6.35"
}
],
"source": "CPE_FIELD"
},
{
"cpe": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.36:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "1.6.36"
}
],
"source": "CPE_FIELD"
},
{
"cpe": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.37:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "1.6.37"
}
],
"source": "CPE_FIELD"
},
{
"cpe": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.38:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "1.6.38"
}
],
"source": "CPE_FIELD"
},
{
"cpe": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.39:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "1.6.39"
}
],
"source": "CPE_FIELD"
},
{
"cpe": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.6:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "1.6.6"
}
],
"source": "CPE_FIELD"
},
{
"cpe": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.7:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "1.6.7"
}
],
"source": "CPE_FIELD"
},
{
"cpe": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.8:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "1.6.8"
}
],
"source": "CPE_FIELD"
},
{
"cpe": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.9:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "1.6.9"
}
],
"source": "CPE_FIELD"
},
{
"cpe": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.10:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "1.7.10"
}
],
"source": "CPE_FIELD"
},
{
"cpe": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.11:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "1.7.11"
}
],
"source": "CPE_FIELD"
},
{
"cpe": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.12:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "1.7.12"
}
],
"source": "CPE_FIELD"
},
{
"cpe": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.13:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "1.7.13"
}
],
"source": "CPE_FIELD"
},
{
"cpe": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.14:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "1.7.14"
}
],
"source": "CPE_FIELD"
},
{
"cpe": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.15:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "1.7.15"
}
],
"source": "CPE_FIELD"
},
{
"cpe": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.16:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "1.7.16"
}
],
"source": "CPE_FIELD"
},
{
"cpe": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.17:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "1.7.17"
}
],
"source": "CPE_FIELD"
},
{
"cpe": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.18:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "1.7.18"
}
],
"source": "CPE_FIELD"
},
{
"cpe": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.19:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "1.7.19"
}
],
"source": "CPE_FIELD"
},
{
"cpe": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.20:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "1.7.20"
}
],
"source": "CPE_FIELD"
},
{
"cpe": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.3:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "1.7.3"
}
],
"source": "CPE_FIELD"
},
{
"cpe": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.4:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "1.7.4"
}
],
"source": "CPE_FIELD"
},
{
"cpe": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.5:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "1.7.5"
}
],
"source": "CPE_FIELD"
},
{
"cpe": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.6:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "1.7.6"
}
],
"source": "CPE_FIELD"
},
{
"cpe": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.7:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "1.7.7"
}
],
"source": "CPE_FIELD"
},
{
"cpe": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.8:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "1.7.8"
}
],
"source": "CPE_FIELD"
},
{
"cpe": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.9:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "1.7.9"
}
],
"source": "CPE_FIELD"
},
{
"cpe": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.10:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "1.7.10"
}
],
"source": "CPE_FIELD"
},
{
"cpe": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.11:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "1.7.11"
}
],
"source": "CPE_FIELD"
},
{
"cpe": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.12:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "1.7.12"
}
],
"source": "CPE_FIELD"
},
{
"cpe": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.3:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "1.7.3"
}
],
"source": "CPE_FIELD"
},
{
"cpe": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.4:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "1.7.4"
}
],
"source": "CPE_FIELD"
},
{
"cpe": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.5:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "1.7.5"
}
],
"source": "CPE_FIELD"
},
{
"cpe": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.6:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "1.7.6"
}
],
"source": "CPE_FIELD"
},
{
"cpe": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.7:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "1.7.7"
}
],
"source": "CPE_FIELD"
},
{
"cpe": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.8:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "1.7.8"
}
],
"source": "CPE_FIELD"
},
{
"cpe": "cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.9:*:*:*:*:*:*:*",
"extracted_events": [
{
"last_affected": "1.7.9"
}
],
"source": "CPE_FIELD"
}
]
}{
"cpe": "cpe:2.3:a:pivotal_software:cloud_foundry:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "0"
},
{
"last_affected": "241"
}
],
"source": "CPE_FIELD"
}{
"cpe": [
"cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.2:*:*:*:*:*:*:*",
"cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.3:*:*:*:*:*:*:*",
"cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.4:*:*:*:*:*:*:*",
"cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.5:*:*:*:*:*:*:*",
"cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.0:*:*:*:*:*:*:*",
"cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.1:*:*:*:*:*:*:*",
"cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.2:*:*:*:*:*:*:*",
"cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.0:*:*:*:*:*:*:*",
"cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.0:*:*:*:*:*:*:*",
"cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.1:*:*:*:*:*:*:*",
"cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.7.2:*:*:*:*:*:*:*",
"cpe:2.3:a:pivotal_software:cloud_foundry_ops_manager:1.8.0:*:*:*:*:*:*:*",
"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.3.0:*:*:*:*:*:*:*",
"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.5.1:*:*:*:*:*:*:*",
"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.1:*:*:*:*:*:*:*",
"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.2:*:*:*:*:*:*:*",
"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.3:*:*:*:*:*:*:*",
"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.6:*:*:*:*:*:*:*",
"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.3.0:*:*:*:*:*:*:*",
"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.3.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.4.2:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "0"
},
{
"last_affected": "1.6.0"
},
{
"last_affected": "1.6.1"
},
{
"last_affected": "1.6.2"
},
{
"last_affected": "1.6.3"
},
{
"last_affected": "1.6.4"
},
{
"last_affected": "1.6.5"
},
{
"last_affected": "1.7.0"
},
{
"last_affected": "1.7.1"
},
{
"last_affected": "1.7.2"
},
{
"last_affected": "1.8.0"
},
{
"last_affected": "2.3.0"
},
{
"last_affected": "2.3.1"
},
{
"last_affected": "2.4.0"
},
{
"last_affected": "2.5.1"
},
{
"last_affected": "2.6.1"
},
{
"last_affected": "2.7.0.2"
},
{
"last_affected": "2.7.0.3"
},
{
"last_affected": "2.7.1"
},
{
"last_affected": "2.7.2"
},
{
"last_affected": "2.7.3"
},
{
"last_affected": "2.7.4.6"
},
{
"last_affected": "3.0.0"
},
{
"last_affected": "3.0.1"
},
{
"last_affected": "3.1.0"
},
{
"last_affected": "3.2.0"
},
{
"last_affected": "3.2.1"
},
{
"last_affected": "3.3.0"
},
{
"last_affected": "3.3.0.1"
},
{
"last_affected": "3.4.0"
},
{
"last_affected": "3.4.1"
},
{
"last_affected": "3.4.2"
}
],
"source": "CPE_FIELD"
}{
"cpe": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "0"
},
{
"last_affected": "12.3"
}
],
"source": "CPE_FIELD"
}