CVE-2015-1834

A path traversal vulnerability was identified in the Cloud Foundry component Cloud Controller that affects cf-release versions prior to v208 and Pivotal Cloud Foundry Elastic Runtime versions prior to 1.4.2. Path traversal is the 'outbreak' of a given directory structure through relative file paths in the user input. It aims at accessing files and directories that are stored outside the web root folder, for disallowed reading or even executing arbitrary system commands. An attacker could use a certain parameter of the file path for instance to inject '../' sequences in order to navigate through the file system. In this particular case a remote authenticated attacker can exploit the identified vulnerability in order to upload arbitrary files to the server running a Cloud Controller instance - outside the isolated application container.

CVSS v3 6.5 MEDIUM
CVSS v2.0 4.0 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

4.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:N/I:P/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www.securityfocus.com/bid/98691	Third Party Advisory VDB Entry
https://pivotal.io/security/cve-2015-1834	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cloudfoundry:cf-release::::::::
	cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime::::::::

History

No history.

Information

Published : 2017-05-25 17:29

Updated : 2024-02-28 16:04

NVD link : CVE-2015-1834

Mitre link : CVE-2015-1834

CVE.ORG link : CVE-2015-1834

JSON object : View

Products Affected

pivotal_software

cloud_foundry_elastic_runtime

cloudfoundry

cf-release

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2015-1834", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2017-05-25T17:29:00.287", "references": [{"url": "http://www.securityfocus.com/bid/98691", "tags": ["Third Party Advisory", "VDB Entry"], "source": "security_alert@emc.com"}, {"url": "https://pivotal.io/security/cve-2015-1834", "tags": ["Vendor Advisory"], "source": "security_alert@emc.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "A path traversal vulnerability was identified in the Cloud Foundry component Cloud Controller that affects cf-release versions prior to v208 and Pivotal Cloud Foundry Elastic Runtime versions prior to 1.4.2. Path traversal is the 'outbreak' of a given directory structure through relative file paths in the user input. It aims at accessing files and directories that are stored outside the web root folder, for disallowed reading or even executing arbitrary system commands. An attacker could use a certain parameter of the file path for instance to inject '../' sequences in order to navigate through the file system. In this particular case a remote authenticated attacker can exploit the identified vulnerability in order to upload arbitrary files to the server running a Cloud Controller instance - outside the isolated application container."}, {"lang": "es", "value": "Una vulnerabilidad de salto de directorio ha sido identificada en el componente Cloud Controller de Cloud Foundry, versiones anteriores a la v208 y en Pivotal Cloud Foundry Elastic Runtime, versiones anteriores a la 1.4.2. Un salto de directorio puede originarse a trav\u00e9s de una estructura de directorios relativa a la ruta de un fichero apuntada en una entrada de usuario. El objetivo es el acceso a ficheros y directorios situados fuera de la carpeta web ra\u00edz, con la finalidad de realizar lecturas no autorizadas o incluso ejecutar comandos de sistema arbitrarios. Un atacante podr\u00eda utilizar un cierto par\u00e1metro de la ruta del fichero para p.e. inyectar secuencias de '../' para navegar a trav\u00e9s del sistema de ficheros. En este caso particular, un atacante remoto autenticado pudr\u00eda explotar esta vulnerabilidad para cargar ficheros arbitrarios en el servidor donde se est\u00e1 ejecutando una instancia de Cloud Controller fuera del contenedor que a\u00edsla a la aplicaci\u00f3n."}], "lastModified": "2021-08-25T20:30:38.503", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cloudfoundry:cf-release:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2C42A408-570D-42C3-B5AF-C173D14B7CE6", "versionEndIncluding": "207"}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "567FE032-B2D3-47EC-9CCB-2298311C1924", "versionEndIncluding": "1.4.1"}], "operator": "OR"}]}], "sourceIdentifier": "security_alert@emc.com"}