Vulnerabilities > CVE-2017-4960

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

pivotal-software

cloudfoundry

NVD

Published: 2017-03-10

Updated: 2021-08-06

Summary

An issue was discovered in Cloud Foundry release v247 through v252, UAA stand-alone release v3.9.0 through v3.11.0, and UAA Bosh Release v21 through v26. There is a potential to subject the UAA OAuth clients to a denial of service attack.

Vulnerable Configurations

Part	Description	Count
Application	Pivotal_Software Pivotal Software Cloud Foundry UAA 3.9.8 Pivotal Software Cloud Foundry UAA 3.9.5 Pivotal Software Cloud Foundry UAA 3.11.0 Pivotal Software Cloud Foundry UAA 3.9.6 Pivotal Software Cloud Foundry UAA 3.9.0 Pivotal Software Cloud Foundry UAA 3.9.3 Pivotal Software Cloud Foundry UAA 3.9.2 Pivotal Software Cloud Foundry UAA 3.9.7 Pivotal Software Cloud Foundry UAA 3.10.0 Pivotal Software Cloud Foundry UAA 3.9.1 Pivotal Software Cloud Foundry UAA 3.9.4 Pivotal Software Cloud Foundry 247.0 Pivotal Software Cloud Foundry 248.0 Pivotal Software Cloud Foundry 252.0 Pivotal Software Cloud Foundry 250.0 Pivotal Software Cloud Foundry 249.0 Pivotal Software Cloud Foundry 251.0	17
Application	Cloudfoundry Cloudfoundry Cloud Foundry UAA Bosh 24 Cloudfoundry Cloud Foundry UAA Bosh 25 Cloudfoundry Cloud Foundry UAA Bosh 26 Cloudfoundry Cloud Foundry UAA Bosh 24.5 Cloudfoundry Cloud Foundry UAA Bosh 24.6 Cloudfoundry Cloud Foundry UAA Bosh 24.3 Cloudfoundry Cloud Foundry UAA Bosh 24.4 Cloudfoundry Cloud Foundry UAA Bosh 24.1 Cloudfoundry Cloud Foundry UAA Bosh 24.2 Cloudfoundry Cloud Foundry UAA Bosh 22 Cloudfoundry Cloud Foundry UAA Bosh 21 Cloudfoundry Cloud Foundry UAA Bosh 23	12

Vulnerabilities > CVE-2017-4960 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2017-4960"}]}

Summary

Vulnerable Configurations

References

Vulnerabilities > CVE-2017-4960