9.6

CVSS Score

3.0

Basic Information

CVE ID

CVE-2016-6637

GHSA ID

GHSA-4m8c-h7fr-gq5c

EPSS Score

0.31438%

CWE

CWE-352

Published

5/13/2022

Updated

2/29/2024

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2016-6637

CVE-2016-6637: Cloud Foundry vulnerable to Cross-Site Request Forgery

Multiple cross-site request forgery (CSRF) vulnerabilities in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and 3.4.x before 3.4.4; UAA BOSH before 11.5 and 12.x before 12.5; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1.8.2; and Ops Manager 1.7.x before 1.7.13 and 1.8.x before 1.8.1 allow remote attackers to hijack the authentication of unspecified victims for requests that approve or deny a scope via a profile or authorize approval page.

(GitHub Advisory)

9.6

CVSS Score

3.0

Basic Information

CVE ID

CVE-2016-6637

GHSA ID

GHSA-4m8c-h7fr-gq5c

EPSS Score

0.31438%

CWE

CWE-352

Published

5/13/2022

Updated

2/29/2024

KEV Status

Technology

Java

Technical Details

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.cloudfoundry.identity:cloudfoundry-identity-server	maven	>= 2.0.0, < 2.7.4.7	2.7.4.7
org.cloudfoundry.identity:cloudfoundry-identity-server	maven	>= 3.0.0, < 3.3.0.5	3.3.0.5
org.cloudfoundry.identity:cloudfoundry-identity-server	maven	>= 3.4.0, < 3.4.4	3.4.4
org.cloudfoundry.identity:cloudfoundry-identity-server	maven	>= 3.5.0, < 3.7.0	3.7.0

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stemmed from missing CSRF protection on critical endpoints. The commits 37e0384, cded616, and f3d8a9e show that CSRF was explicitly enabled for /oauth/authorize and /profile POST endpoints in login-ui.xml. Prior to the fix, the Spring Security configuration in this file had CSRF disabled (csrf disabled="true") or improperly scoped, leaving these endpoints vulnerable. The addition of CSRF token checks and updated request matchers in the XML configuration directly addresses the CSRF flaw described in CVE-2016-6637.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

Multipl* *ross-sit* r*qu*st *or**ry (*SR*) vuln*r**iliti*s in Pivot*l *lou* *oun*ry (P**) ***or* ***; U** *.x ***or* *.*.*.*, *.x ***or* *.*.*.*, *n* *.*.x ***or* *.*.*; U** *OS* ***or* **.* *n* **.x ***or* **.*; *l*sti* Runtim* ***or* *.*.**, *.*.x

Reasoning

T** vuln*r**ility st*mm** *rom missin* *SR* prot**tion on *riti**l *n*points. T** *ommits *******, *******, *n* ******* s*ow t**t *SR* w*s *xpli*itly *n**l** *or `/o*ut*/*ut*oriz*` *n* `/pro*il*` POST *n*points in `lo*in-ui.xml`. Prior to t** *ix, t*

9.6

Basic Information

Concerned about an active attack path?

CVE-2016-6637: Cloud Foundry vulnerable to Cross-Site Request Forgery

9.6

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI