CVE-2016-0928 PCF Open Redirects


Severity

High

Vendor

Pivotal

Versions Affected

  • Pivotal Cloud Foundry Elastic Runtime 1.7.x versions older than 1.7.8 and any versions older than 1.6.30

Description

An open redirect vulnerability has been detected in some Pivotal Cloud Foundry Elastic Runtime components.

Affected Pivotal Products and Versions

Severity is high unless otherwise noted.

  • Pivotal Elastic Runtime versions 1.7.7 and earlier 1.7.x versions
  • Pivotal Elastic Runtime versions 1.6.29 and earlier versions

Mitigation

Users of affected versions should apply the following mitigation:

  • Update your Pivotal Elastic Runtime to 1.7.8 if you are on earlier 1.7.x versions
  • Update your Pivotal Elastic Runtime to 1.6.30 if you are on a version earlier than 1.6.30

Credit

San Tran, Digital Transformation Office, Australian Government; and Joe Blac and Dor Tumarkin, Cisco Security consultants
