All Vulnerability Reports

CVE-2017-8031: UAA Denial of Service through client token revocation endpoint

Severity

Medium

References

• http://www.cloudfoundry.org/cve-2017-8031

Affected VMware Products and Versions

Severity is medium unless otherwise noted.

• PCF Elastic Runtime:
  • All versions prior to 1.10.32
  • 1.11.x versions prior to 1.11.18
  • 1.12.x versions prior to 1.12.6
• PCF Operations Manager:
  • All versions prior to 1.10.18
  • 1.11.x prior to 1.11.13
  • 1.12.x versions prior to 1.12.14

Mitigation

Users of affected versions should apply the following mitigation:

• The Cloud Foundry team recommends upgrading BOSH stemcells and/or other OSS components listed here if applicable.
• Releases that have fixed this issue include:
  • PCF Elastic Runtime: 1.10.32, 1.11.18, 1.12.6
  • PCF Operations Manager: 1.10.18, 1.11.13, 1.12.14