CVE-2017-4960 - Vulnerability Details

Vendors	Products
Cloudfoundry	Cloud Foundry Uaa Bosh
Pivotal Software	Cloud Foundry Cloud Foundry Uaa

Link	Providers
http://www.securityfocus.com/bid/96780
https://www.cloudfoundry.org/cve-2017-4960/

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "Cloud Foundry Foundation Cloud Foundry release v247 - v252, UAA stand-alone release v3.9.0 - v3.11.0, UAA Bosh Release v21 - v26", "vendor": "n/a", "versions": [{"status": "affected", "version": "Cloud Foundry Foundation Cloud Foundry release v247 - v252, UAA stand-alone release v3.9.0 - v3.11.0, UAA Bosh Release v21 - v26"}]}], "datePublic": "2017-03-09T00:00:00", "descriptions": [{"lang": "en", "value": "An issue was discovered in Cloud Foundry release v247 through v252, UAA stand-alone release v3.9.0 through v3.11.0, and UAA Bosh Release v21 through v26. There is a potential to subject the UAA OAuth clients to a denial of service attack."}], "problemTypes": [{"descriptions": [{"description": "DOS", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-03-13T09:57:01", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.cloudfoundry.org/cve-2017-4960/"}, {"name": "96780", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/96780"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security_alert@emc.com", "ID": "CVE-2017-4960", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cloud Foundry Foundation Cloud Foundry release v247 - v252, UAA stand-alone release v3.9.0 - v3.11.0, UAA Bosh Release v21 - v26", "version": {"version_data": [{"version_value": "Cloud Foundry Foundation Cloud Foundry release v247 - v252, UAA stand-alone release v3.9.0 - v3.11.0, UAA Bosh Release v21 - v26"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in Cloud Foundry release v247 through v252, UAA stand-alone release v3.9.0 through v3.11.0, and UAA Bosh Release v21 through v26. There is a potential to subject the UAA OAuth clients to a denial of service attack."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "DOS"}]}]}, "references": {"reference_data": [{"name": "https://www.cloudfoundry.org/cve-2017-4960/", "refsource": "CONFIRM", "url": "https://www.cloudfoundry.org/cve-2017-4960/"}, {"name": "96780", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96780"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T14:47:43.770Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.cloudfoundry.org/cve-2017-4960/"}, {"name": "96780", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/96780"}]}]}, "cveMetadata": {"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2017-4960", "datePublished": "2017-03-10T01:00:00", "dateReserved": "2016-12-29T00:00:00", "dateUpdated": "2024-08-05T14:47:43.770Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : Cloud Foundry Foundation Cloud Foundry release v247 - v252, UAA stand-alone release v3.9.0 - v3.11.0, UAA Bosh Release v21 - v26 (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : Cloud Foundry Foundation Cloud Foundry release v247 - v252, UAA stand-alone release v3.9.0 - v3.11.0, UAA Bosh Release v21 - v26 (string)

}

]

}

]

datePublic : 2017-03-09T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : An issue was discovered in Cloud Foundry release v247 through v252, UAA stand-alone release v3.9.0 through v3.11.0, and UAA Bosh Release v21 through v26. There is a potential to subject the UAA OAuth clients to a denial of service attack. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : DOS (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2017-03-13T09:57:01 (string)

orgId : c550e75a-17ff-4988-97f0-544cde3820fe (string)

shortName : dell (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://www.cloudfoundry.org/cve-2017-4960/ (string)

}

1 : { »

name : 96780 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

]

url : http://www.securityfocus.com/bid/96780 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : security_alert@emc.com (string)

ID : CVE-2017-4960 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : Cloud Foundry Foundation Cloud Foundry release v247 - v252, UAA stand-alone release v3.9.0 - v3.11.0, UAA Bosh Release v21 - v26 (string)

version : { »

version_data : [ »

0 : { »

version_value : Cloud Foundry Foundation Cloud Foundry release v247 - v252, UAA stand-alone release v3.9.0 - v3.11.0, UAA Bosh Release v21 - v26 (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : An issue was discovered in Cloud Foundry release v247 through v252, UAA stand-alone release v3.9.0 through v3.11.0, and UAA Bosh Release v21 through v26. There is a potential to subject the UAA OAuth clients to a denial of service attack. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : DOS (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://www.cloudfoundry.org/cve-2017-4960/ (string)

refsource : CONFIRM (string)

url : https://www.cloudfoundry.org/cve-2017-4960/ (string)

}

1 : { »

name : 96780 (string)

refsource : BID (string)

url : http://www.securityfocus.com/bid/96780 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-05T14:47:43.770Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://www.cloudfoundry.org/cve-2017-4960/ (string)

}

1 : { »

name : 96780 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

2 : x_transferred (string)

]

url : http://www.securityfocus.com/bid/96780 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : c550e75a-17ff-4988-97f0-544cde3820fe (string)

assignerShortName : dell (string)

cveId : CVE-2017-4960 (string)

datePublished : 2017-03-10T01:00:00 (string)

dateReserved : 2016-12-29T00:00:00 (string)

dateUpdated : 2024-08-05T14:47:43.770Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:21:*:*:*:*:*:*:*", "matchCriteriaId": "784CA85B-F8C2-4F4C-833E-E1E768A8F0F1", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:22:*:*:*:*:*:*:*", "matchCriteriaId": "60D7A7DE-516D-4C20-8307-BC6B65E379B3", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:23:*:*:*:*:*:*:*", "matchCriteriaId": "509D150A-5BE8-4315-922B-B372F0D46E3C", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24:*:*:*:*:*:*:*", "matchCriteriaId": "A090F790-1A28-4238-8727-3F9475706A9E", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.1:*:*:*:*:*:*:*", "matchCriteriaId": "AEFE0727-C152-4726-A70E-C75BACD31071", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.2:*:*:*:*:*:*:*", "matchCriteriaId": "38D708B8-485D-445E-8A21-474A500F1184", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.3:*:*:*:*:*:*:*", "matchCriteriaId": "E4B8A221-8740-4D35-871D-EABDB2F8332D", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.4:*:*:*:*:*:*:*", "matchCriteriaId": "A426C1DD-0C64-468A-B96E-B0B94FFF0A89", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.5:*:*:*:*:*:*:*", "matchCriteriaId": "DEFEEACE-5BED-4507-A770-69D36F478791", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.6:*:*:*:*:*:*:*", "matchCriteriaId": "860B073C-AC50-473C-9650-7421F3638FB1", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:25:*:*:*:*:*:*:*", "matchCriteriaId": "78CDCE0A-389D-4253-844B-B626E747A87C", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:26:*:*:*:*:*:*:*", "matchCriteriaId": "4263EBF1-3B08-4811-99FE-534A237A5F60", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry:247.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B937BC1-7B91-4849-A541-FD43A0EB9611", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry:248.0:*:*:*:*:*:*:*", "matchCriteriaId": "73A54D99-BAFF-43C9-A56D-ACBAEE7649A4", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry:249.0:*:*:*:*:*:*:*", "matchCriteriaId": "0A7536F7-9B8A-416C-AC98-361023E0D502", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry:250.0:*:*:*:*:*:*:*", "matchCriteriaId": "C00DF1F8-F28A-47FE-989E-10E18C2D4E42", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry:251.0:*:*:*:*:*:*:*", "matchCriteriaId": "03334DFC-1D5A-44D9-92A8-2DA01CCC0D3E", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry:252.0:*:*:*:*:*:*:*", "matchCriteriaId": "6CFB2CC4-DCB0-448F-BEB8-0ED3FA2C67E4", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "B6034E85-5886-490E-9925-FD9EEF457382", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "6955DB34-FA12-41A6-A90F-456777ADEB81", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "5B92D875-509C-42BE-90E4-112C94170199", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "166C908D-7D5F-43DD-B3EA-BAFF23DBBDAC", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "6B83917A-D326-4874-AD82-0DBD131DC0EC", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.5:*:*:*:*:*:*:*", "matchCriteriaId": "C5C19F44-AB0F-44BB-A298-F81B853FA71D", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.6:*:*:*:*:*:*:*", "matchCriteriaId": "B981590F-0649-4BBA-AB5F-CC5C7858DFF7", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.7:*:*:*:*:*:*:*", "matchCriteriaId": "1A36B9F9-6D45-4D84-869A-25131BF482BD", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.8:*:*:*:*:*:*:*", "matchCriteriaId": "FADC5C69-1910-4D19-97B2-B44A594B8B34", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "6B76CE44-5F82-4AAC-9DF3-8F74E19FA53D", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "C4024EFF-BE52-4B11-AAE7-A3070744031A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in Cloud Foundry release v247 through v252, UAA stand-alone release v3.9.0 through v3.11.0, and UAA Bosh Release v21 through v26. There is a potential to subject the UAA OAuth clients to a denial of service attack."}, {"lang": "es", "value": "Se ha descubierto un problema en Cloud Foundry release v247 hasta la versi\u00f3n v252, UAA stand-alone release v3.9.0 hasta la versi\u00f3n v3.11.0 y UAA Bosh Release v21 hasta la versi\u00f3n v26. Hay un potencial para someter a los clientes UAA OAuth a un ataque de denegaci\u00f3n de servicio."}], "id": "CVE-2017-4960", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-03-10T01:59:00.143", "references": [{"source": "security_alert@emc.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/96780"}, {"source": "security_alert@emc.com", "tags": ["Vendor Advisory"], "url": "https://www.cloudfoundry.org/cve-2017-4960/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/96780"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.cloudfoundry.org/cve-2017-4960/"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:21:*:*:*:*:*:*:* (string)

matchCriteriaId : 784CA85B-F8C2-4F4C-833E-E1E768A8F0F1 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:22:*:*:*:*:*:*:* (string)

matchCriteriaId : 60D7A7DE-516D-4C20-8307-BC6B65E379B3 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:23:*:*:*:*:*:*:* (string)

matchCriteriaId : 509D150A-5BE8-4315-922B-B372F0D46E3C (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24:*:*:*:*:*:*:* (string)

matchCriteriaId : A090F790-1A28-4238-8727-3F9475706A9E (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.1:*:*:*:*:*:*:* (string)

matchCriteriaId : AEFE0727-C152-4726-A70E-C75BACD31071 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 38D708B8-485D-445E-8A21-474A500F1184 (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.3:*:*:*:*:*:*:* (string)

matchCriteriaId : E4B8A221-8740-4D35-871D-EABDB2F8332D (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.4:*:*:*:*:*:*:* (string)

matchCriteriaId : A426C1DD-0C64-468A-B96E-B0B94FFF0A89 (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.5:*:*:*:*:*:*:* (string)

matchCriteriaId : DEFEEACE-5BED-4507-A770-69D36F478791 (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.6:*:*:*:*:*:*:* (string)

matchCriteriaId : 860B073C-AC50-473C-9650-7421F3638FB1 (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:25:*:*:*:*:*:*:* (string)

matchCriteriaId : 78CDCE0A-389D-4253-844B-B626E747A87C (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:26:*:*:*:*:*:*:* (string)

matchCriteriaId : 4263EBF1-3B08-4811-99FE-534A237A5F60 (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:a:pivotal_software:cloud_foundry:247.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 4B937BC1-7B91-4849-A541-FD43A0EB9611 (string)

vulnerable : true (boolean)

}

13 : { »

criteria : cpe:2.3:a:pivotal_software:cloud_foundry:248.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 73A54D99-BAFF-43C9-A56D-ACBAEE7649A4 (string)

vulnerable : true (boolean)

}

14 : { »

criteria : cpe:2.3:a:pivotal_software:cloud_foundry:249.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 0A7536F7-9B8A-416C-AC98-361023E0D502 (string)

vulnerable : true (boolean)

}

15 : { »

criteria : cpe:2.3:a:pivotal_software:cloud_foundry:250.0:*:*:*:*:*:*:* (string)

matchCriteriaId : C00DF1F8-F28A-47FE-989E-10E18C2D4E42 (string)

vulnerable : true (boolean)

}

16 : { »

criteria : cpe:2.3:a:pivotal_software:cloud_foundry:251.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 03334DFC-1D5A-44D9-92A8-2DA01CCC0D3E (string)

vulnerable : true (boolean)

}

17 : { »

criteria : cpe:2.3:a:pivotal_software:cloud_foundry:252.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 6CFB2CC4-DCB0-448F-BEB8-0ED3FA2C67E4 (string)

vulnerable : true (boolean)

}

18 : { »

criteria : cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.0:*:*:*:*:*:*:* (string)

matchCriteriaId : B6034E85-5886-490E-9925-FD9EEF457382 (string)

vulnerable : true (boolean)

}

19 : { »

criteria : cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 6955DB34-FA12-41A6-A90F-456777ADEB81 (string)

vulnerable : true (boolean)

}

20 : { »

criteria : cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 5B92D875-509C-42BE-90E4-112C94170199 (string)

vulnerable : true (boolean)

}

21 : { »

criteria : cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.3:*:*:*:*:*:*:* (string)

matchCriteriaId : 166C908D-7D5F-43DD-B3EA-BAFF23DBBDAC (string)

vulnerable : true (boolean)

}

22 : { »

criteria : cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.4:*:*:*:*:*:*:* (string)

matchCriteriaId : 6B83917A-D326-4874-AD82-0DBD131DC0EC (string)

vulnerable : true (boolean)

}

23 : { »

criteria : cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.5:*:*:*:*:*:*:* (string)

matchCriteriaId : C5C19F44-AB0F-44BB-A298-F81B853FA71D (string)

vulnerable : true (boolean)

}

24 : { »

criteria : cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.6:*:*:*:*:*:*:* (string)

matchCriteriaId : B981590F-0649-4BBA-AB5F-CC5C7858DFF7 (string)

vulnerable : true (boolean)

}

25 : { »

criteria : cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.7:*:*:*:*:*:*:* (string)

matchCriteriaId : 1A36B9F9-6D45-4D84-869A-25131BF482BD (string)

vulnerable : true (boolean)

}

26 : { »

criteria : cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.8:*:*:*:*:*:*:* (string)

matchCriteriaId : FADC5C69-1910-4D19-97B2-B44A594B8B34 (string)

vulnerable : true (boolean)

}

27 : { »

criteria : cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.10.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 6B76CE44-5F82-4AAC-9DF3-8F74E19FA53D (string)

vulnerable : true (boolean)

}

28 : { »

criteria : cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.11.0:*:*:*:*:*:*:* (string)

matchCriteriaId : C4024EFF-BE52-4B11-AAE7-A3070744031A (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : An issue was discovered in Cloud Foundry release v247 through v252, UAA stand-alone release v3.9.0 through v3.11.0, and UAA Bosh Release v21 through v26. There is a potential to subject the UAA OAuth clients to a denial of service attack. (string)

}

1 : { »

lang : es (string)

value : Se ha descubierto un problema en Cloud Foundry release v247 hasta la versión v252, UAA stand-alone release v3.9.0 hasta la versión v3.11.0 y UAA Bosh Release v21 hasta la versión v26. Hay un potencial para someter a los clientes UAA OAuth a un ataque de denegación de servicio. (string)

}

]

id : CVE-2017-4960 (string)

lastModified : 2025-04-20T01:37:25.860 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : true (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : PARTIAL (string)

baseScore : 5 (number)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

vectorString : AV:N/AC:L/Au:N/C:N/I:N/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 10 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV30 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 7.5 (number)

baseSeverity : HIGH (string)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (string)

version : 3.0 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 3.6 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2017-03-10T01:59:00.143 (string)

references : [ »

0 : { »

source : security_alert@emc.com (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.securityfocus.com/bid/96780 (string)

}

1 : { »

source : security_alert@emc.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.cloudfoundry.org/cve-2017-4960/ (string)

}

2 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.securityfocus.com/bid/96780 (string)

}

3 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.cloudfoundry.org/cve-2017-4960/ (string)

}

]

sourceIdentifier : security_alert@emc.com (string)

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : NVD-CWE-noinfo (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object