CVE-2016-0780
high-risk
Published 2017-05-25
It was discovered that cf-release v231 and lower, Pivotal Cloud Foundry Elastic Runtime 1.5.x versions prior to 1.5.17 and Pivotal Cloud Foundry Elastic Runtime 1.6.x versions prior to 1.6.18 do not properly enforce disk quotas in certain cases. An attacker could use an improper disk quota value to bypass enforcement and consume all the disk on DEAs/CELLs causing a potential denial of service for other applications.
Do I need to act?
-
0.39% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10
High
NETWORK
/ LOW complexity
Affected Products (20)
Affected Vendors
References (2)
Vendor Advisory
https://pivotal.io/security/cve-2016-0780
Vendor Advisory
https://pivotal.io/security/cve-2016-0780
50
/ 100
high-risk
Severity
26/34 · High
Exploitability
1/34 · Minimal
Exposure
23/34 · High