Vulnerabilities > CVE-2016-0780 - Resource Management Errors vulnerability in multiple products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

pivotal-software

cloudfoundry

CWE-399

NVD

Published: 2017-05-25

Updated: 2021-08-25

Summary

It was discovered that cf-release v231 and lower, Pivotal Cloud Foundry Elastic Runtime 1.5.x versions prior to 1.5.17 and Pivotal Cloud Foundry Elastic Runtime 1.6.x versions prior to 1.6.18 do not properly enforce disk quotas in certain cases. An attacker could use an improper disk quota value to bypass enforcement and consume all the disk on DEAs/CELLs causing a potential denial of service for other applications.

Vulnerable Configurations

Part	Description	Count
Application	Pivotal_Software Pivotal Software Cloud Foundry Elastic Runtime 1.6.5 Pivotal Software Cloud Foundry Elastic Runtime 1.6.13 Pivotal Software Cloud Foundry Elastic Runtime 1.5.11 Pivotal Software Cloud Foundry Elastic Runtime 1.6.7 Pivotal Software Cloud Foundry Elastic Runtime 1.6.6 Pivotal Software Cloud Foundry Elastic Runtime 1.5.16 Pivotal Software Cloud Foundry Elastic Runtime 1.5.0 Pivotal Software Cloud Foundry Elastic Runtime 1.5.6 Pivotal Software Cloud Foundry Elastic Runtime 1.5.7 Pivotal Software Cloud Foundry Elastic Runtime 1.6.9 Pivotal Software Cloud Foundry Elastic Runtime 1.5.5 Pivotal Software Cloud Foundry Elastic Runtime 1.6.14 Pivotal Software Cloud Foundry Elastic Runtime 1.5.13 Pivotal Software Cloud Foundry Elastic Runtime 1.6.17 Pivotal Software Cloud Foundry Elastic Runtime 1.5.2 Pivotal Software Cloud Foundry Elastic Runtime 1.6.10 Pivotal Software Cloud Foundry Elastic Runtime 1.5.4 Pivotal Software Cloud Foundry Elastic Runtime 1.6.0 Pivotal Software Cloud Foundry Elastic Runtime 1.6.2 Pivotal Software Cloud Foundry Elastic Runtime 1.5.10 Pivotal Software Cloud Foundry Elastic Runtime 1.6.15 Pivotal Software Cloud Foundry Elastic Runtime 1.6.3 Pivotal Software Cloud Foundry Elastic Runtime 1.5.8 Pivotal Software Cloud Foundry Elastic Runtime 1.6.11 Pivotal Software Cloud Foundry Elastic Runtime 1.6.4 Pivotal Software Cloud Foundry Elastic Runtime 1.5.15 Pivotal Software Cloud Foundry Elastic Runtime 1.5.1 Pivotal Software Cloud Foundry Elastic Runtime 1.6.12 Pivotal Software Cloud Foundry Elastic Runtime 1.6.16 Pivotal Software Cloud Foundry Elastic Runtime 1.5.12 Pivotal Software Cloud Foundry Elastic Runtime 1.6.8 Pivotal Software Cloud Foundry Elastic Runtime 1.6.1 Pivotal Software Cloud Foundry Elastic Runtime 1.5.3 Pivotal Software Cloud Foundry Elastic Runtime 1.5.9 Pivotal Software Cloud Foundry Elastic Runtime 1.5.14	35
Application	Cloudfoundry Cloudfoundry CF Release 231	1

Common Weakness Enumeration (CWE)

CWE-399 - Resource Management Errors

References

https://pivotal.io/security/cve-2016-0780