Date
1 - 1 of 1
CVE 2016-6655: Utility script command injection
|
Travis McPeak
CVE 2016-6655: Utility script command injectionSeverity
Critical Vendor Cloud Foundry Foundation Versions Affected - Cloud Foundry release versions prior to v245 - cf-mysql-release versions prior to v31 Description A command injection vulnerability was discovered in a common script used by many Cloud Foundry components. A malicious user may exploit numerous vectors to execute arbitrary commands on servers running Cloud Foundry. Mitigation OSS users are strongly encouraged to follow one of the mitigations below: - Upgrade to Cloud Foundry v245 [1] or later - Upgrade to cf-mysql-release v31 [2] or later Credit This issue was discovered by IBM BlueMix. References - [1] https://github.com/cloudfoundry/cf-release/releases/tag/v245 - [2] https://github.com/cloudfoundry/cf-mysql-release/releases/tag/v31
|
|
|