CVE-2016-6655 - OpenCVE

An issue was discovered in Cloud Foundry Foundation Cloud Foundry release versions prior to v245 and cf-mysql-release versions prior to v31. A command injection vulnerability was discovered in a common script used by many Cloud Foundry components. A malicious user may exploit numerous vectors to execute arbitrary commands on servers running Cloud Foundry.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Cloudfoundry	Cf-mysql-release Cf-release

Configuration 1 [-]

OR	cpe:2.3:a:cloudfoundry:cf-mysql-release::::::::
	cpe:2.3:a:cloudfoundry:cf-release::::::::

References

Link	Resource
http://www.securityfocus.com/bid/93889	Third Party Advisory VDB Entry
https://www.cloudfoundry.org/cve-2016-6655/	Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: dell

Published: 2017-06-13T06:00:00

Updated: 2017-06-13T09:57:01

Reserved: 2016-08-10T00:00:00

Link: CVE-2016-6655

JSON object: View

NVD Information

Status : Analyzed

Published: 2017-06-13T06:29:00.190

Modified: 2017-11-08T12:58:19.673

Link: CVE-2016-6655

JSON object: View

Redhat Information

No data.

CWE

CWE-77

{"containers": {"cna": {"affected": [{"product": "Cloud Foundry", "vendor": "n/a", "versions": [{"status": "affected", "version": "Cloud Foundry"}]}], "datePublic": "2017-06-12T00:00:00", "descriptions": [{"lang": "en", "value": "An issue was discovered in Cloud Foundry Foundation Cloud Foundry release versions prior to v245 and cf-mysql-release versions prior to v31. A command injection vulnerability was discovered in a common script used by many Cloud Foundry components. A malicious user may exploit numerous vectors to execute arbitrary commands on servers running Cloud Foundry."}], "problemTypes": [{"descriptions": [{"description": "command injection", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-06-13T09:57:01", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.cloudfoundry.org/cve-2016-6655/"}, {"name": "93889", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/93889"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security_alert@emc.com", "ID": "CVE-2016-6655", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cloud Foundry", "version": {"version_data": [{"version_value": "Cloud Foundry"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in Cloud Foundry Foundation Cloud Foundry release versions prior to v245 and cf-mysql-release versions prior to v31. A command injection vulnerability was discovered in a common script used by many Cloud Foundry components. A malicious user may exploit numerous vectors to execute arbitrary commands on servers running Cloud Foundry."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "command injection"}]}]}, "references": {"reference_data": [{"name": "https://www.cloudfoundry.org/cve-2016-6655/", "refsource": "CONFIRM", "url": "https://www.cloudfoundry.org/cve-2016-6655/"}, {"name": "93889", "refsource": "BID", "url": "http://www.securityfocus.com/bid/93889"}]}}}}, "cveMetadata": {"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2016-6655", "datePublished": "2017-06-13T06:00:00", "dateReserved": "2016-08-10T00:00:00", "dateUpdated": "2017-06-13T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cloudfoundry:cf-mysql-release:*:*:*:*:*:*:*:*", "matchCriteriaId": "503F79C0-4F12-4AA0-8902-12217C476BBC", "versionEndIncluding": "30", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:cf-release:*:*:*:*:*:*:*:*", "matchCriteriaId": "9A9D6FC7-3CB5-4C15-A0F3-E64577C72EAB", "versionEndIncluding": "244", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Cloud Foundry Foundation Cloud Foundry release versions prior to v245 and cf-mysql-release versions prior to v31. A command injection vulnerability was discovered in a common script used by many Cloud Foundry components. A malicious user may exploit numerous vectors to execute arbitrary commands on servers running Cloud Foundry."}, {"lang": "es", "value": "Un problema fue descubierto en Cloud Foundry Foundation Cloud Foundry liberado en versiones anteriores a la v245 y cf-mysql liberado anterior a la v31. Una inyecci\u00f3n de comando fue descubierta en un script com\u00fan usado por varios componentes de Cloud Foundry. Un usuario malicioso podr\u00eda explotar numerosos vectores para ejecutar comando arbitrarios en servidores con Cloud Foundry ejecut\u00e1ndose."}], "id": "CVE-2016-6655", "lastModified": "2017-11-08T12:58:19.673", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-06-13T06:29:00.190", "references": [{"source": "security_alert@emc.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/93889"}, {"source": "security_alert@emc.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.cloudfoundry.org/cve-2016-6655/"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-77"}], "source": "nvd@nist.gov", "type": "Primary"}]}