CVE-2016-0780 : It was discovered that cf-release v231 and lower, Pivotal Cloud Foundry Elastic

It was discovered that cf-release v231 and lower, Pivotal Cloud Foundry Elastic Runtime 1.5.x versions prior to 1.5.17 and Pivotal Cloud Foundry Elastic Runtime 1.6.x versions prior to 1.6.18 do not properly enforce disk quotas in certain cases. An attacker could use an improper disk quota value to bypass enforcement and consume all the disk on DEAs/CELLs causing a potential denial of service for other applications.

Published 2017-05-25 17:29:01

Updated 2021-08-25 21:14:38

Source Dell

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2016-0780

Pivotal Software » Cloud Foundry Elastic Runtime » Version: 1.6.4
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.4:*:*:*:*:*:*:*
Matching versions
Pivotal Software » Cloud Foundry Elastic Runtime » Version: 1.6.5
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.5:*:*:*:*:*:*:*
Matching versions
Pivotal Software » Cloud Foundry Elastic Runtime » Version: 1.6.6
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.6:*:*:*:*:*:*:*
Matching versions
Pivotal Software » Cloud Foundry Elastic Runtime » Version: 1.6.7
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.7:*:*:*:*:*:*:*
Matching versions
Pivotal Software » Cloud Foundry Elastic Runtime » Version: 1.6.1
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.1:*:*:*:*:*:*:*
Matching versions
Pivotal Software » Cloud Foundry Elastic Runtime » Version: 1.6.3
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.3:*:*:*:*:*:*:*
Matching versions
Pivotal Software » Cloud Foundry Elastic Runtime » Version: 1.6.8
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.8:*:*:*:*:*:*:*
Matching versions
Pivotal Software » Cloud Foundry Elastic Runtime » Version: 1.6.10
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.10:*:*:*:*:*:*:*
Matching versions
Pivotal Software » Cloud Foundry Elastic Runtime » Version: 1.6.12
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.12:*:*:*:*:*:*:*
Matching versions
Pivotal Software » Cloud Foundry Elastic Runtime » Version: 1.6.13
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.13:*:*:*:*:*:*:*
Matching versions
Pivotal Software » Cloud Foundry Elastic Runtime » Version: 1.6.14
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.14:*:*:*:*:*:*:*
Matching versions
Pivotal Software » Cloud Foundry Elastic Runtime » Version: 1.6.15
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.15:*:*:*:*:*:*:*
Matching versions
Pivotal Software » Cloud Foundry Elastic Runtime » Version: 1.6.0
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.0:*:*:*:*:*:*:*
Matching versions
Pivotal Software » Cloud Foundry Elastic Runtime » Version: 1.6.2
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.2:*:*:*:*:*:*:*
Matching versions
Pivotal Software » Cloud Foundry Elastic Runtime » Version: 1.6.9
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.9:*:*:*:*:*:*:*
Matching versions
Pivotal Software » Cloud Foundry Elastic Runtime » Version: 1.6.11
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.11:*:*:*:*:*:*:*
Matching versions
Pivotal Software » Cloud Foundry Elastic Runtime » Version: 1.6.16
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.16:*:*:*:*:*:*:*
Matching versions
Pivotal Software » Cloud Foundry Elastic Runtime » Version: 1.5.14
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.5.14:*:*:*:*:*:*:*
Matching versions
Pivotal Software » Cloud Foundry Elastic Runtime » Version: 1.5.13
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.5.13:*:*:*:*:*:*:*
Matching versions
Pivotal Software » Cloud Foundry Elastic Runtime » Version: 1.5.12
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.5.12:*:*:*:*:*:*:*
Matching versions
Pivotal Software » Cloud Foundry Elastic Runtime » Version: 1.5.11
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.5.11:*:*:*:*:*:*:*
Matching versions
Pivotal Software » Cloud Foundry Elastic Runtime » Version: 1.5.10
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.5.10:*:*:*:*:*:*:*
Matching versions
Pivotal Software » Cloud Foundry Elastic Runtime » Version: 1.5.16
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.5.16:*:*:*:*:*:*:*
Matching versions
Pivotal Software » Cloud Foundry Elastic Runtime » Version: 1.5.9
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.5.9:*:*:*:*:*:*:*
Matching versions
Pivotal Software » Cloud Foundry Elastic Runtime » Version: 1.5.7
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.5.7:*:*:*:*:*:*:*
Matching versions
Pivotal Software » Cloud Foundry Elastic Runtime » Version: 1.5.0
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.5.0:*:*:*:*:*:*:*
Matching versions
Pivotal Software » Cloud Foundry Elastic Runtime » Version: 1.6.17
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.17:*:*:*:*:*:*:*
Matching versions
Pivotal Software » Cloud Foundry Elastic Runtime » Version: 1.5.5
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.5.5:*:*:*:*:*:*:*
Matching versions
Pivotal Software » Cloud Foundry Elastic Runtime » Version: 1.5.4
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.5.4:*:*:*:*:*:*:*
Matching versions
Pivotal Software » Cloud Foundry Elastic Runtime » Version: 1.5.3
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.5.3:*:*:*:*:*:*:*
Matching versions
Pivotal Software » Cloud Foundry Elastic Runtime » Version: 1.5.2
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.5.2:*:*:*:*:*:*:*
Matching versions
Pivotal Software » Cloud Foundry Elastic Runtime » Version: 1.5.15
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.5.15:*:*:*:*:*:*:*
Matching versions
Pivotal Software » Cloud Foundry Elastic Runtime » Version: 1.5.8
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.5.8:*:*:*:*:*:*:*
Matching versions
Pivotal Software » Cloud Foundry Elastic Runtime » Version: 1.5.6
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.5.6:*:*:*:*:*:*:*
Matching versions
Pivotal Software » Cloud Foundry Elastic Runtime » Version: 1.5.1
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.5.1:*:*:*:*:*:*:*
Matching versions
Cloudfoundry » Cf-release » Version: 231
cpe:2.3:a:cloudfoundry:cf-release:231:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2016-0780

EPSS FAQ

0.39%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 57 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2016-0780

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:N/A:P	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	3.9	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2016-0780

CWE-399

Assigned by: nvd@nist.gov (Primary)

References for CVE-2016-0780

https://pivotal.io/security/cve-2016-0780

CVE-2016-0780 Cloud Controller Disk Quota Enforcement | Security | Pivotal
Vendor Advisory

Jump to

Vulnerability Details : CVE-2016-0780

Products affected by CVE-2016-0780

Exploit prediction scoring system (EPSS) score for CVE-2016-0780

CVSS scores for CVE-2016-0780

CWE ids for CVE-2016-0780

References for CVE-2016-0780