CVE-2017-8037 - Vulnerability Details

Vendors	Products
Cloudfoundry	Capi-release Cf-release

Link	Providers
http://www.securityfocus.com/bid/100448
https://www.cloudfoundry.org/cve-2017-8037/

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "Cloud Foundry", "vendor": "n/a", "versions": [{"status": "affected", "version": "Cloud Foundry"}]}], "datePublic": "2017-08-21T00:00:00", "descriptions": [{"lang": "en", "value": "In Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.38.0 and cf-release versions after v244 and prior to v270, there is an incomplete fix for CVE-2017-8035. If you took steps to remediate CVE-2017-8035 you should also upgrade to fix this CVE. A carefully crafted CAPI request from a Space Developer can allow them to gain access to files on the Cloud Controller VM for that installation, aka an Information Leak / Disclosure."}], "problemTypes": [{"descriptions": [{"description": "Information Leak / Disclosure", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-03-22T08:06:05", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.cloudfoundry.org/cve-2017-8037/"}, {"name": "100448", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/100448"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security_alert@emc.com", "ID": "CVE-2017-8037", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cloud Foundry", "version": {"version_data": [{"version_value": "Cloud Foundry"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.38.0 and cf-release versions after v244 and prior to v270, there is an incomplete fix for CVE-2017-8035. If you took steps to remediate CVE-2017-8035 you should also upgrade to fix this CVE. A carefully crafted CAPI request from a Space Developer can allow them to gain access to files on the Cloud Controller VM for that installation, aka an Information Leak / Disclosure."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Information Leak / Disclosure"}]}]}, "references": {"reference_data": [{"name": "https://www.cloudfoundry.org/cve-2017-8037/", "refsource": "CONFIRM", "url": "https://www.cloudfoundry.org/cve-2017-8037/"}, {"name": "100448", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100448"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T16:19:29.884Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.cloudfoundry.org/cve-2017-8037/"}, {"name": "100448", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/100448"}]}]}, "cveMetadata": {"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2017-8037", "datePublished": "2017-08-21T22:00:00", "dateReserved": "2017-04-21T00:00:00", "dateUpdated": "2024-08-05T16:19:29.884Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : Cloud Foundry (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : Cloud Foundry (string)

}

]

}

]

datePublic : 2017-08-21T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : In Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.38.0 and cf-release versions after v244 and prior to v270, there is an incomplete fix for CVE-2017-8035. If you took steps to remediate CVE-2017-8035 you should also upgrade to fix this CVE. A carefully crafted CAPI request from a Space Developer can allow them to gain access to files on the Cloud Controller VM for that installation, aka an Information Leak / Disclosure. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : Information Leak / Disclosure (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2019-03-22T08:06:05 (string)

orgId : c550e75a-17ff-4988-97f0-544cde3820fe (string)

shortName : dell (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://www.cloudfoundry.org/cve-2017-8037/ (string)

}

1 : { »

name : 100448 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

]

url : http://www.securityfocus.com/bid/100448 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : security_alert@emc.com (string)

ID : CVE-2017-8037 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : Cloud Foundry (string)

version : { »

version_data : [ »

0 : { »

version_value : Cloud Foundry (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : In Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.38.0 and cf-release versions after v244 and prior to v270, there is an incomplete fix for CVE-2017-8035. If you took steps to remediate CVE-2017-8035 you should also upgrade to fix this CVE. A carefully crafted CAPI request from a Space Developer can allow them to gain access to files on the Cloud Controller VM for that installation, aka an Information Leak / Disclosure. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : Information Leak / Disclosure (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://www.cloudfoundry.org/cve-2017-8037/ (string)

refsource : CONFIRM (string)

url : https://www.cloudfoundry.org/cve-2017-8037/ (string)

}

1 : { »

name : 100448 (string)

refsource : BID (string)

url : http://www.securityfocus.com/bid/100448 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-05T16:19:29.884Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://www.cloudfoundry.org/cve-2017-8037/ (string)

}

1 : { »

name : 100448 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

2 : x_transferred (string)

]

url : http://www.securityfocus.com/bid/100448 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : c550e75a-17ff-4988-97f0-544cde3820fe (string)

assignerShortName : dell (string)

cveId : CVE-2017-8037 (string)

datePublished : 2017-08-21T22:00:00 (string)

dateReserved : 2017-04-21T00:00:00 (string)

dateUpdated : 2024-08-05T16:19:29.884Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "F260594E-4032-406D-8B84-3E91400F86FF", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F2D9350E-0AA5-4D9A-A41A-855B40E440D6", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "A66A9C0A-9B42-4B7E-A4B7-F06601B67FB8", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "207F6A29-0A37-4CDD-8DB2-E6CD89204013", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "D3803207-D7A0-47E0-A357-314C245C5C13", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "039156DB-D2DC-4AD5-9ACE-52095FE688BE", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.13.0:*:*:*:*:*:*:*", "matchCriteriaId": "7343B84E-3255-4BB4-A988-03BC9DC8D7E3", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.14.0:*:*:*:*:*:*:*", "matchCriteriaId": "3EB53101-EC12-49DE-8C3C-3B373C4FA1E0", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.15.0:*:*:*:*:*:*:*", "matchCriteriaId": "15625A3E-61A4-4F7E-BFEC-7ED830AE41C9", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.16.0:*:*:*:*:*:*:*", "matchCriteriaId": "38B7D6B1-2CB1-4FB1-BC63-3104391D2742", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.17.0:*:*:*:*:*:*:*", "matchCriteriaId": "D4D9D5D4-14E4-404A-B88E-78C8A37CB9B3", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.18.0:*:*:*:*:*:*:*", "matchCriteriaId": "0C56907A-3233-435F-933B-8E3ED4965BC8", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.19.0:*:*:*:*:*:*:*", "matchCriteriaId": "A33E86E4-BD1C-4D03-9AF4-7A86B0B5BCE1", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.20.0:*:*:*:*:*:*:*", "matchCriteriaId": "C409657C-0C4D-4873-B707-38AC618035CF", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.21.0:*:*:*:*:*:*:*", "matchCriteriaId": "41CD5C38-E188-41DB-A811-27438525FDAD", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.22.0:*:*:*:*:*:*:*", "matchCriteriaId": "5E3EC8F2-3520-4952-9541-3C56F6D131BF", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.23.0:*:*:*:*:*:*:*", "matchCriteriaId": "B1671324-93EB-4409-9BA5-0D2D847C6A85", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.24.0:*:*:*:*:*:*:*", "matchCriteriaId": "45AC669D-3AED-48C2-ADA2-D1EE235FA793", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.25.0:*:*:*:*:*:*:*", "matchCriteriaId": "8970738B-E240-4C3E-A8F6-57FB66976B6A", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.26.0:*:*:*:*:*:*:*", "matchCriteriaId": "00406C75-1032-49A3-9C4E-AC41F46CA778", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.27.0:*:*:*:*:*:*:*", "matchCriteriaId": "D464CFBC-5AEF-4B65-8616-8E31E8C856D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.28.0:*:*:*:*:*:*:*", "matchCriteriaId": "7FE0978C-1BEC-4FCE-A625-0FF196B3E6C6", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.29.0:*:*:*:*:*:*:*", "matchCriteriaId": "6B258E3E-2291-4180-9735-71EE2874250B", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.30.0:*:*:*:*:*:*:*", "matchCriteriaId": "D416F421-66EB-4A80-BC1A-B99AE3F7E126", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.31.0:*:*:*:*:*:*:*", "matchCriteriaId": "6D8DA9C5-C65C-467B-AD90-8B84E8EF9397", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.32.0:*:*:*:*:*:*:*", "matchCriteriaId": "6D7F5A30-36EF-4F1D-B712-4F482F757CEA", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.33.0:*:*:*:*:*:*:*", "matchCriteriaId": "D8D55D28-676E-42C4-90A5-C9CE306D42C7", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.34.0:*:*:*:*:*:*:*", "matchCriteriaId": "76369246-BE4B-4FAC-855B-8590C5C8DFBA", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.35.0:*:*:*:*:*:*:*", "matchCriteriaId": "F684CB9F-8079-452A-9F27-8F964C636AD2", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.36.0:*:*:*:*:*:*:*", "matchCriteriaId": "772569FD-E641-42EB-A694-64EC4E7437E3", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:capi-release:1.37.0:*:*:*:*:*:*:*", "matchCriteriaId": "35A5003C-2FB9-4FA3-AC7E-038CD573A23C", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cloudfoundry:cf-release:245:*:*:*:*:*:*:*", "matchCriteriaId": "2DA6A56C-E0FE-4CB1-BE86-4C1E80D97265", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:cf-release:246:*:*:*:*:*:*:*", "matchCriteriaId": "BAF4D7D1-4C35-4F76-816D-3F2407804E85", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:cf-release:247:*:*:*:*:*:*:*", "matchCriteriaId": "D852D5F4-DDB4-4C76-88B6-EB49E21FEDC5", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:cf-release:248:*:*:*:*:*:*:*", "matchCriteriaId": "B35C30C1-E2B9-4590-8765-1E0DA735E026", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:cf-release:249:*:*:*:*:*:*:*", "matchCriteriaId": "3680FAA7-9B57-4A9A-BD20-68821A7D4FE2", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:cf-release:250:*:*:*:*:*:*:*", "matchCriteriaId": "E9F9A19A-9E31-4E4A-869C-9C13163A06C6", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:cf-release:251:*:*:*:*:*:*:*", "matchCriteriaId": "F08095E9-1BA9-438F-B776-D75F419E682E", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:cf-release:252:*:*:*:*:*:*:*", "matchCriteriaId": "CAE29D36-9A2E-4D87-8C0C-D8FC1034B027", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:cf-release:253:*:*:*:*:*:*:*", "matchCriteriaId": "7E227D42-19CA-45DD-AAC1-8D31537B5BFA", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:cf-release:254:*:*:*:*:*:*:*", "matchCriteriaId": "BC145421-17F6-438B-9C3F-8DED72F3B5B8", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:cf-release:255:*:*:*:*:*:*:*", "matchCriteriaId": "5046C2CB-99C6-4243-B830-B3957910F1AF", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:cf-release:256:*:*:*:*:*:*:*", "matchCriteriaId": "5A07B320-7DC3-4E7B-8997-6606F8FCBEBB", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:cf-release:257:*:*:*:*:*:*:*", "matchCriteriaId": "3F7777A5-9136-49E4-9A6F-3C9A6687DAA7", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:cf-release:258:*:*:*:*:*:*:*", "matchCriteriaId": "88C90B83-9597-427C-A941-06F0C5A8C3DD", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:cf-release:259:*:*:*:*:*:*:*", "matchCriteriaId": "A3D92B65-E45A-42EE-B0B9-AD69E1881E2B", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:cf-release:260:*:*:*:*:*:*:*", "matchCriteriaId": "A98BAE4B-184F-49A4-89E1-4F270CC7FEC8", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:cf-release:261:*:*:*:*:*:*:*", "matchCriteriaId": "A7E78B11-B3E9-4D62-8F17-F2575D7F9181", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:cf-release:262:*:*:*:*:*:*:*", "matchCriteriaId": "EB5EF186-0D05-497D-A66C-142ED0DFA973", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:cf-release:263:*:*:*:*:*:*:*", "matchCriteriaId": "7A262620-E71A-44C7-A1F4-BEEDF107BC2E", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:cf-release:264:*:*:*:*:*:*:*", "matchCriteriaId": "B9D721F9-227C-4F1D-9010-D1920F692228", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:cf-release:265:*:*:*:*:*:*:*", "matchCriteriaId": "6AE4BA55-963C-4EB1-AD85-344AAE107A82", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:cf-release:266:*:*:*:*:*:*:*", "matchCriteriaId": "7E5827B3-143F-408B-A0C7-005079BD9215", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:cf-release:267:*:*:*:*:*:*:*", "matchCriteriaId": "762BE4A1-931B-4C44-94C8-F5DC894CFD1F", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:cf-release:268:*:*:*:*:*:*:*", "matchCriteriaId": "735E1016-97F0-4286-955F-6017A2F8AD79", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:cf-release:269:*:*:*:*:*:*:*", "matchCriteriaId": "F021AB15-30F0-46DE-B613-11E3D4C9FD50", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.38.0 and cf-release versions after v244 and prior to v270, there is an incomplete fix for CVE-2017-8035. If you took steps to remediate CVE-2017-8035 you should also upgrade to fix this CVE. A carefully crafted CAPI request from a Space Developer can allow them to gain access to files on the Cloud Controller VM for that installation, aka an Information Leak / Disclosure."}, {"lang": "es", "value": "En Cloud Foundry Foundation CAPI-release en versiones posteriores a la v1.6.0 y anteriores a la v1.38.0 y cf-release en versiones posteriores a la v244 y anteriores a la v270 hay una soluci\u00f3n incompleta para CVE-2017-8035. Si ha emprendido acciones para solucionar CVE-2017-8035, tambi\u00e9n deber\u00eda actualizar para solucionar este CVE. Una petici\u00f3n CAPI especialmente manipulada desde un Space Developer puede permitir que atacantes obtengan acceso al Cloud Controller VM para tal instalaci\u00f3n. Esto tambi\u00e9n se conoce como (Fuga/Divulgaci\u00f3n de Informaci\u00f3n)."}], "id": "CVE-2017-8037", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-08-21T22:29:00.183", "references": [{"source": "security_alert@emc.com", "url": "http://www.securityfocus.com/bid/100448"}, {"source": "security_alert@emc.com", "tags": ["Vendor Advisory"], "url": "https://www.cloudfoundry.org/cve-2017-8037/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/100448"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.cloudfoundry.org/cve-2017-8037/"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:cloudfoundry:capi-release:1.7.0:*:*:*:*:*:*:* (string)

matchCriteriaId : F260594E-4032-406D-8B84-3E91400F86FF (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:cloudfoundry:capi-release:1.8.0:*:*:*:*:*:*:* (string)

matchCriteriaId : F2D9350E-0AA5-4D9A-A41A-855B40E440D6 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:cloudfoundry:capi-release:1.9.0:*:*:*:*:*:*:* (string)

matchCriteriaId : A66A9C0A-9B42-4B7E-A4B7-F06601B67FB8 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:cloudfoundry:capi-release:1.10.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 207F6A29-0A37-4CDD-8DB2-E6CD89204013 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:cloudfoundry:capi-release:1.11.0:*:*:*:*:*:*:* (string)

matchCriteriaId : D3803207-D7A0-47E0-A357-314C245C5C13 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:cloudfoundry:capi-release:1.12.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 039156DB-D2DC-4AD5-9ACE-52095FE688BE (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:cloudfoundry:capi-release:1.13.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 7343B84E-3255-4BB4-A988-03BC9DC8D7E3 (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:cloudfoundry:capi-release:1.14.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 3EB53101-EC12-49DE-8C3C-3B373C4FA1E0 (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:a:cloudfoundry:capi-release:1.15.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 15625A3E-61A4-4F7E-BFEC-7ED830AE41C9 (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:a:cloudfoundry:capi-release:1.16.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 38B7D6B1-2CB1-4FB1-BC63-3104391D2742 (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:a:cloudfoundry:capi-release:1.17.0:*:*:*:*:*:*:* (string)

matchCriteriaId : D4D9D5D4-14E4-404A-B88E-78C8A37CB9B3 (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:a:cloudfoundry:capi-release:1.18.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 0C56907A-3233-435F-933B-8E3ED4965BC8 (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:a:cloudfoundry:capi-release:1.19.0:*:*:*:*:*:*:* (string)

matchCriteriaId : A33E86E4-BD1C-4D03-9AF4-7A86B0B5BCE1 (string)

vulnerable : true (boolean)

}

13 : { »

criteria : cpe:2.3:a:cloudfoundry:capi-release:1.20.0:*:*:*:*:*:*:* (string)

matchCriteriaId : C409657C-0C4D-4873-B707-38AC618035CF (string)

vulnerable : true (boolean)

}

14 : { »

criteria : cpe:2.3:a:cloudfoundry:capi-release:1.21.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 41CD5C38-E188-41DB-A811-27438525FDAD (string)

vulnerable : true (boolean)

}

15 : { »

criteria : cpe:2.3:a:cloudfoundry:capi-release:1.22.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 5E3EC8F2-3520-4952-9541-3C56F6D131BF (string)

vulnerable : true (boolean)

}

16 : { »

criteria : cpe:2.3:a:cloudfoundry:capi-release:1.23.0:*:*:*:*:*:*:* (string)

matchCriteriaId : B1671324-93EB-4409-9BA5-0D2D847C6A85 (string)

vulnerable : true (boolean)

}

17 : { »

criteria : cpe:2.3:a:cloudfoundry:capi-release:1.24.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 45AC669D-3AED-48C2-ADA2-D1EE235FA793 (string)

vulnerable : true (boolean)

}

18 : { »

criteria : cpe:2.3:a:cloudfoundry:capi-release:1.25.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 8970738B-E240-4C3E-A8F6-57FB66976B6A (string)

vulnerable : true (boolean)

}

19 : { »

criteria : cpe:2.3:a:cloudfoundry:capi-release:1.26.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 00406C75-1032-49A3-9C4E-AC41F46CA778 (string)

vulnerable : true (boolean)

}

20 : { »

criteria : cpe:2.3:a:cloudfoundry:capi-release:1.27.0:*:*:*:*:*:*:* (string)

matchCriteriaId : D464CFBC-5AEF-4B65-8616-8E31E8C856D5 (string)

vulnerable : true (boolean)

}

21 : { »

criteria : cpe:2.3:a:cloudfoundry:capi-release:1.28.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 7FE0978C-1BEC-4FCE-A625-0FF196B3E6C6 (string)

vulnerable : true (boolean)

}

22 : { »

criteria : cpe:2.3:a:cloudfoundry:capi-release:1.29.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 6B258E3E-2291-4180-9735-71EE2874250B (string)

vulnerable : true (boolean)

}

23 : { »

criteria : cpe:2.3:a:cloudfoundry:capi-release:1.30.0:*:*:*:*:*:*:* (string)

matchCriteriaId : D416F421-66EB-4A80-BC1A-B99AE3F7E126 (string)

vulnerable : true (boolean)

}

24 : { »

criteria : cpe:2.3:a:cloudfoundry:capi-release:1.31.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 6D8DA9C5-C65C-467B-AD90-8B84E8EF9397 (string)

vulnerable : true (boolean)

}

25 : { »

criteria : cpe:2.3:a:cloudfoundry:capi-release:1.32.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 6D7F5A30-36EF-4F1D-B712-4F482F757CEA (string)

vulnerable : true (boolean)

}

26 : { »

criteria : cpe:2.3:a:cloudfoundry:capi-release:1.33.0:*:*:*:*:*:*:* (string)

matchCriteriaId : D8D55D28-676E-42C4-90A5-C9CE306D42C7 (string)

vulnerable : true (boolean)

}

27 : { »

criteria : cpe:2.3:a:cloudfoundry:capi-release:1.34.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 76369246-BE4B-4FAC-855B-8590C5C8DFBA (string)

vulnerable : true (boolean)

}

28 : { »

criteria : cpe:2.3:a:cloudfoundry:capi-release:1.35.0:*:*:*:*:*:*:* (string)

matchCriteriaId : F684CB9F-8079-452A-9F27-8F964C636AD2 (string)

vulnerable : true (boolean)

}

29 : { »

criteria : cpe:2.3:a:cloudfoundry:capi-release:1.36.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 772569FD-E641-42EB-A694-64EC4E7437E3 (string)

vulnerable : true (boolean)

}

30 : { »

criteria : cpe:2.3:a:cloudfoundry:capi-release:1.37.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 35A5003C-2FB9-4FA3-AC7E-038CD573A23C (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:cloudfoundry:cf-release:245:*:*:*:*:*:*:* (string)

matchCriteriaId : 2DA6A56C-E0FE-4CB1-BE86-4C1E80D97265 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:cloudfoundry:cf-release:246:*:*:*:*:*:*:* (string)

matchCriteriaId : BAF4D7D1-4C35-4F76-816D-3F2407804E85 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:cloudfoundry:cf-release:247:*:*:*:*:*:*:* (string)

matchCriteriaId : D852D5F4-DDB4-4C76-88B6-EB49E21FEDC5 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:cloudfoundry:cf-release:248:*:*:*:*:*:*:* (string)

matchCriteriaId : B35C30C1-E2B9-4590-8765-1E0DA735E026 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:cloudfoundry:cf-release:249:*:*:*:*:*:*:* (string)

matchCriteriaId : 3680FAA7-9B57-4A9A-BD20-68821A7D4FE2 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:cloudfoundry:cf-release:250:*:*:*:*:*:*:* (string)

matchCriteriaId : E9F9A19A-9E31-4E4A-869C-9C13163A06C6 (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:cloudfoundry:cf-release:251:*:*:*:*:*:*:* (string)

matchCriteriaId : F08095E9-1BA9-438F-B776-D75F419E682E (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:cloudfoundry:cf-release:252:*:*:*:*:*:*:* (string)

matchCriteriaId : CAE29D36-9A2E-4D87-8C0C-D8FC1034B027 (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:a:cloudfoundry:cf-release:253:*:*:*:*:*:*:* (string)

matchCriteriaId : 7E227D42-19CA-45DD-AAC1-8D31537B5BFA (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:a:cloudfoundry:cf-release:254:*:*:*:*:*:*:* (string)

matchCriteriaId : BC145421-17F6-438B-9C3F-8DED72F3B5B8 (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:a:cloudfoundry:cf-release:255:*:*:*:*:*:*:* (string)

matchCriteriaId : 5046C2CB-99C6-4243-B830-B3957910F1AF (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:a:cloudfoundry:cf-release:256:*:*:*:*:*:*:* (string)

matchCriteriaId : 5A07B320-7DC3-4E7B-8997-6606F8FCBEBB (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:a:cloudfoundry:cf-release:257:*:*:*:*:*:*:* (string)

matchCriteriaId : 3F7777A5-9136-49E4-9A6F-3C9A6687DAA7 (string)

vulnerable : true (boolean)

}

13 : { »

criteria : cpe:2.3:a:cloudfoundry:cf-release:258:*:*:*:*:*:*:* (string)

matchCriteriaId : 88C90B83-9597-427C-A941-06F0C5A8C3DD (string)

vulnerable : true (boolean)

}

14 : { »

criteria : cpe:2.3:a:cloudfoundry:cf-release:259:*:*:*:*:*:*:* (string)

matchCriteriaId : A3D92B65-E45A-42EE-B0B9-AD69E1881E2B (string)

vulnerable : true (boolean)

}

15 : { »

criteria : cpe:2.3:a:cloudfoundry:cf-release:260:*:*:*:*:*:*:* (string)

matchCriteriaId : A98BAE4B-184F-49A4-89E1-4F270CC7FEC8 (string)

vulnerable : true (boolean)

}

16 : { »

criteria : cpe:2.3:a:cloudfoundry:cf-release:261:*:*:*:*:*:*:* (string)

matchCriteriaId : A7E78B11-B3E9-4D62-8F17-F2575D7F9181 (string)

vulnerable : true (boolean)

}

17 : { »

criteria : cpe:2.3:a:cloudfoundry:cf-release:262:*:*:*:*:*:*:* (string)

matchCriteriaId : EB5EF186-0D05-497D-A66C-142ED0DFA973 (string)

vulnerable : true (boolean)

}

18 : { »

criteria : cpe:2.3:a:cloudfoundry:cf-release:263:*:*:*:*:*:*:* (string)

matchCriteriaId : 7A262620-E71A-44C7-A1F4-BEEDF107BC2E (string)

vulnerable : true (boolean)

}

19 : { »

criteria : cpe:2.3:a:cloudfoundry:cf-release:264:*:*:*:*:*:*:* (string)

matchCriteriaId : B9D721F9-227C-4F1D-9010-D1920F692228 (string)

vulnerable : true (boolean)

}

20 : { »

criteria : cpe:2.3:a:cloudfoundry:cf-release:265:*:*:*:*:*:*:* (string)

matchCriteriaId : 6AE4BA55-963C-4EB1-AD85-344AAE107A82 (string)

vulnerable : true (boolean)

}

21 : { »

criteria : cpe:2.3:a:cloudfoundry:cf-release:266:*:*:*:*:*:*:* (string)

matchCriteriaId : 7E5827B3-143F-408B-A0C7-005079BD9215 (string)

vulnerable : true (boolean)

}

22 : { »

criteria : cpe:2.3:a:cloudfoundry:cf-release:267:*:*:*:*:*:*:* (string)

matchCriteriaId : 762BE4A1-931B-4C44-94C8-F5DC894CFD1F (string)

vulnerable : true (boolean)

}

23 : { »

criteria : cpe:2.3:a:cloudfoundry:cf-release:268:*:*:*:*:*:*:* (string)

matchCriteriaId : 735E1016-97F0-4286-955F-6017A2F8AD79 (string)

vulnerable : true (boolean)

}

24 : { »

criteria : cpe:2.3:a:cloudfoundry:cf-release:269:*:*:*:*:*:*:* (string)

matchCriteriaId : F021AB15-30F0-46DE-B613-11E3D4C9FD50 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : In Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.38.0 and cf-release versions after v244 and prior to v270, there is an incomplete fix for CVE-2017-8035. If you took steps to remediate CVE-2017-8035 you should also upgrade to fix this CVE. A carefully crafted CAPI request from a Space Developer can allow them to gain access to files on the Cloud Controller VM for that installation, aka an Information Leak / Disclosure. (string)

}

1 : { »

lang : es (string)

value : En Cloud Foundry Foundation CAPI-release en versiones posteriores a la v1.6.0 y anteriores a la v1.38.0 y cf-release en versiones posteriores a la v244 y anteriores a la v270 hay una solución incompleta para CVE-2017-8035. Si ha emprendido acciones para solucionar CVE-2017-8035, también debería actualizar para solucionar este CVE. Una petición CAPI especialmente manipulada desde un Space Developer puede permitir que atacantes obtengan acceso al Cloud Controller VM para tal instalación. Esto también se conoce como (Fuga/Divulgación de Información). (string)

}

]

id : CVE-2017-8037 (string)

lastModified : 2025-04-20T01:37:25.860 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : NONE (string)

baseScore : 5 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : NONE (string)

vectorString : AV:N/AC:L/Au:N/C:P/I:N/A:N (string)

version : 2.0 (string)

}

exploitabilityScore : 10 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV30 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 7.5 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : NONE (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N (string)

version : 3.0 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 3.6 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2017-08-21T22:29:00.183 (string)

references : [ »

0 : { »

source : security_alert@emc.com (string)

url : http://www.securityfocus.com/bid/100448 (string)

}

1 : { »

source : security_alert@emc.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.cloudfoundry.org/cve-2017-8037/ (string)

}

2 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.securityfocus.com/bid/100448 (string)

}

3 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.cloudfoundry.org/cve-2017-8037/ (string)

}

]

sourceIdentifier : security_alert@emc.com (string)

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-200 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object