CVE-2016-6639 Information

Description

Cloud Foundry PHP Buildpack (aka php-buildpack) before 4.3.18 and PHP Buildpack Cf-release before 242, as used in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.38 and 1.7.x before 1.7.19 and other products, place the .profile file in the htdocs directory, which might allow remote attackers to obtain sensitive information via an HTTP GET request for this file.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Reference

https://github.com/cloudfoundry/php-buildpack/commit/e2db3ccd4812e0c0aba20720fc51789d981aba67

https://pivotal.io/security/cve-2016-6639

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

Base Score

7.5

Base Severity

HIGH
