Strix
26.1K

CVE-2015-1834

MEDIUMCVSS 6.5/10EPSS 1.69%

Last modified

CVE-2015-1834 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. A path traversal vulnerability was identified in the Cloud Foundry component Cloud Controller that affects cf-release versions prior to v208 and Pivotal Cloud Foundry Elastic Runtime versions prior to 1.4.2. Path traversal is the 'outbreak' of a given directory structure through relative file paths in the user input. EPSS estimates a 1.69% chance of exploitation in the next 30 days.

Description

A path traversal vulnerability was identified in the Cloud Foundry component Cloud Controller that affects cf-release versions prior to v208 and Pivotal Cloud Foundry Elastic Runtime versions prior to 1.4.2. Path traversal is the 'outbreak' of a given directory structure through relative file paths in the user input. It aims at accessing files and directories that are stored outside the web root folder, for disallowed reading or even executing arbitrary system commands. An attacker could use a certain parameter of the file path for instance to inject '../' sequences in order to navigate through the file system. In this particular case a remote authenticated attacker can exploit the identified vulnerability in order to upload arbitrary files to the server running a Cloud Controller instance - outside the isolated application container.

Metrics

CVSS 3.1
6.5/10

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS Probability
1.69%

74.0th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
CloudfoundryCf-Release<= 207
Pivotal SoftwareCloud Foundry Elastic Runtime<= 1.4.1

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2015-1834?
A path traversal vulnerability was identified in the Cloud Foundry component Cloud Controller that affects cf-release versions prior to v208 and Pivotal Cloud Foundry Elastic Runtime versions prior to 1.4.2. Path traversal is the 'outbreak' of a given directory structure through relative file paths in the user input. It aims at accessing files and directories that are stored outside the web root folder, for disallowed reading or even executing arbitrary system commands. An attacker could use a certain parameter of the file path for instance to inject '../' sequences in order to navigate through the file system. In this particular case a remote authenticated attacker can exploit the identified vulnerability in order to upload arbitrary files to the server running a Cloud Controller instance - outside the isolated application container.
How severe is CVE-2015-1834?
CVE-2015-1834 has a CVSS score of 6.5/10 (MEDIUM severity). The EPSS model estimates a 1.69% probability of exploitation in the next 30 days.
How do I fix CVE-2015-1834?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2015-1834?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST