CVE-2016-6639 in Cloudfoundry and Pivotal Products
Published on September 18, 2016
Cloud Foundry PHP Buildpack (aka php-buildpack) before 4.3.18 and PHP Buildpack Cf-release before 242, as used in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.38 and 1.7.x before 1.7.19 and other products, place the .profile file in the htdocs directory, which might allow remote attackers to obtain sensitive information via an HTTP GET request for this file.
Products Associated with CVE-2016-6639
stack.watch emails you whenever new vulnerabilities are published in Cloudfoundry Php Buildpack or Pivotal Cloud Foundry Elastic Runtime. Just hit a watch button to start following.
Exploit Probability
EPSS
0.38%
Percentile
59.13%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.