CVE-2016-6655 Utility Script Command Injection

Severity

Critical

Vendor

Cloud Foundry Foundation

Versions Affected

Cloud Foundry release versions prior to v245
cf-mysql-release versions prior to v31

Description

A command injection vulnerability was discovered in a common script used by many Cloud Foundry components. A malicious user may exploit numerous vectors to execute arbitrary commands on servers running Cloud Foundry.

Mitigation

OSS users are strongly encouraged to follow the mitigations below:

Upgrade to Cloud Foundry v245 [1] or later
Upgrade to cf-mysql-release v31 [2] or later

Credit

IBM Bluemix Team

References

[1] https://github.com/cloudfoundry/cf-release/releases/tag/v245
[2] https://github.com/cloudfoundry/cf-mysql-release/releases/tag/v31

CVE-2016-6655 Utility Script Command Injection

Severity

Vendor

Versions Affected

Description

Mitigation

Credit

References

You Might Also Like

USN-3388-1: Subversion vulnerabilities

USN-3836-2: Linux kernel (HWE) vulnerabilities

CVE-2019-11277: Volume Services is vulnerable to an LDAP injection attack

Sign up for the Cloud Foundry Newsletter today!

Sign up for the
Cloud Foundry Newsletter today!