2019-09-23 20:15:11 2019-10-10 01:45:20

Cloud Foundry NFS Volume Service, 1.7.x versions prior to 1.7.11 and 2.x versions prior to 2.3.0, is vulnerable to LDAP injection. A remote authenticated malicious space developer can potentially inject LDAP filters via service instance creation, allowing that developer to cause a denial of service or perform a dictionary attack.
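The class of flaw described above, shown as an added Go example that is not code from the NFS Volume Service or from the advisory: a tenant-supplied value is substituted into an LDAP search filter, first verbatim and then with RFC 4515 escaping. The filter template, the function names and the sample inputs are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Hypothetical filter template; the page does not show the service's real filter.
const userFilter = "(&(objectClass=person)(uid=%s))"

// escapeFilterValue applies RFC 4515 escaping so the value is read as literal data.
func escapeFilterValue(v string) string {
	var b strings.Builder
	for i := 0; i < len(v); i++ {
		switch c := v[i]; c {
		case '*', '(', ')', '\\', 0x00:
			fmt.Fprintf(&b, "\\%02x", c)
		default:
			b.WriteByte(c)
		}
	}
	return b.String()
}

// unsafeFilter is the vulnerable pattern: tenant input is pasted in verbatim.
func unsafeFilter(user string) string { return fmt.Sprintf(userFilter, user) }

// safeFilter is the hardened pattern: the value is escaped before substitution.
func safeFilter(user string) string { return fmt.Sprintf(userFilter, escapeFilterValue(user)) }

// filterShape keeps only unescaped '(', ')' and '*', i.e. the filter's structure.
func filterShape(f string) string {
	var b strings.Builder
	for i := 0; i < len(f); i++ {
		switch f[i] {
		case '\\':
			i += 2 // skip the two hex digits of an escape sequence
		case '(', ')', '*':
			b.WriteByte(f[i])
		}
	}
	return b.String()
}

func main() {
	// Constructed inputs: a plain name, a wildcard, and stray parentheses.
	for _, u := range []string{"alice", "a*", "a)(uid=b"} {
		fmt.Printf("%-10q unsafe=%s safe=%s\n", u, filterShape(unsafeFilter(u)), filterShape(safeFilter(u)))
	}
}
```

With escaping, every input yields the same filter structure as a plain name; without it, the structure follows the input, which is what makes wildcard-driven guessing and expensive directory queries possible.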

Vector: NETWORK
Complexity: LOW
Authentication: SINGLE_INSTANCE
Confidentiality: PARTIAL
Integrity: NONE
Availability: PARTIAL

Cloudfoundry Cf-deployment (each entry is marked "not an official CPE"): 9.2.0, 9.1.0, 9.0.0, 8.1.0, 8.0.0, 7.11.0, 7.10.0, 7.9.0, 7.8.0, 7.7.0, 7.6.0, 7.5.0, 7.4.0, 7.3.0, 7.2.0, 7.1.0, 7.0.0, 6.10.0, 6.9.0, 6.8.0, 6.7.0, 6.6.0, 6.5.0, 6.4.0, 6.3.0, 6.2.0, 6.1.0, 6.0.0, 5.5.0, 5.4.0, 5.3.0, 5.2.0, 5.1.0, 5.0.0, 4.5.0, 4.4.0, 4.3.0, 4.2.0, 4.1.0, 4.0.0, 3.6.0, 3.5.0, 3.4.0, 3.3.0, 3.2.0, 3.1.0, 3.0.0, 2.9.0, 2.8.0, 2.7.0, 2.6.0, 2.5.0, 2.4.0, 2.3.0, 2.2.0, 2.1.0, 2.0.0, 1.40.0, 1.39.0, 1.38.0, 1.37.0, 1.36.0, 1.35.0, 1.34.0, 1.33.0, 1.32.0, 1.31.0, 1.30.0, 1.29.0, 1.28.0, 1.27.0, 1.26.0, 1.25.0, 1.24.0, 1.23.0, 1.22.0, 1.21.0, 1.20.0, 1.19.0, 1.18.0, 1.17.0, 1.16.0, 1.15.0, 1.14.0, 1.13.0, 1.12.0, 1.11.0, 1.10.0, 1.9.0, 1.8.0, 1.7.0, 1.6.0, 1.5.0, 1.4.0, 1.3.1, 1.3.0, 1.2.0, 1.1.0, 1.0.0, 0.37.0, 0.36.0, 0.35.0, 0.34.0, 0.33.0, 0.32.1, 0.32.0, 0.31.0, 0.30.0, 0.29.0, 0.28.0, 0.27.0, 0.26.0, 0.25.0, 0.24.0, 0.23.0, 0.22.0, 0.21.0, 0.20.0, 0.19.0, 0.18.0, 0.17.0, 0.16.0, 0.15.0, 0.14.0, 0.13.0, 0.12.0, 0.11.0, 0.10.0, 0.9.1, 0.9.0, 0.8.0, 0.7.0, 0.5.0, 0.4.0, 0.3.0, 0.2.2, 0.2.1, 0.2.0, 0.1.0, 0.0.2, 0.0.1, 0.0.0

Advisory Patch Confirmed Link
https://www.cloudfoundry.org/blog/cve-2019-11277

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') (ID 74)

Related CAPEC (38):

Buffer Overflow via Environment Variables (CAPEC-ID 10)
Server Side Include (SSI) Injection (CAPEC-ID 101)
Cross Site Scripting through Log Files (CAPEC-ID 106)
Command Line Execution through SQL Injection (CAPEC-ID 108)
Subverting Environment Variable Values (CAPEC-ID 13)
Format String Injection (CAPEC-ID 135)
Client-side Injection-induced Buffer Overflow (CAPEC-ID 14)
Filter Failure through Buffer Overflow (CAPEC-ID 24)
XML Injection (CAPEC-ID 250)
Leverage Alternate Encoding (CAPEC-ID 267)
HTTP Response Smuggling (CAPEC-ID 273)
Fuzzing (CAPEC-ID 28)
Using Leading 'Ghost' Character Sequences to Bypass Input Filters (CAPEC-ID 3)
HTTP Response Splitting (CAPEC-ID 34)
Manipulating Writeable Terminal Devices (CAPEC-ID 40)
MIME Conversion (CAPEC-ID 42)
Exploiting Multiple Input Interpretation Layers (CAPEC-ID 43)
Buffer Overflow via Symbolic Links (CAPEC-ID 45)
Overflow Variables and Tags (CAPEC-ID 46)
Buffer Overflow via Parameter Expansion (CAPEC-ID 47)
Poison Web Service Registry (CAPEC-ID 51)
Embedding NULL Bytes (CAPEC-ID 52)
Postfix, Null Terminate, and Backslash (CAPEC-ID 53)
Using Slashes and URL Encoding Combined to Bypass Validation Logic (CAPEC-ID 64)
SQL Injection (CAPEC-ID 66)
String Format Overflow in syslog() (CAPEC-ID 67)
Blind SQL Injection (CAPEC-ID 7)
Using Unicode Encoding to Bypass Validation Logic (CAPEC-ID 71)
URL Encoding (CAPEC-ID 72)
Manipulating Input to File System Calls (CAPEC-ID 76)
Using Escaped Slashes in Alternate Encoding (CAPEC-ID 78)
Using Slashes in Alternate Encoding (CAPEC-ID 79)
Buffer Overflow in an API Call (CAPEC-ID 8)
Using UTF-8 Encoding to Bypass Validation Logic (CAPEC-ID 80)
XPath Injection (CAPEC-ID 83)
XQuery Injection (CAPEC-ID 84)
Buffer Overflow in Local Command-Line Utilities (CAPEC-ID 9)
XSS in IMG Tags (CAPEC-ID 91)