Description
Pivotal Cloud Foundry 239 and earlier, UAA (aka User Account and Authentication Server) 3.4.1 and earlier, UAA release 12.2 and earlier, PCF (aka Pivotal Cloud Foundry) Elastic Runtime 1.6.x before 1.6.35, and PCF Elastic Runtime 1.7.x before 1.7.13 does not validate if a certificate is expired.
Remediation
References
https://github.com/cloudfoundry/cf-release/releases/tag/v240
https://github.com/cloudfoundry/uaa/releases/tag/2.7.4.6
https://github.com/cloudfoundry/uaa/releases/tag/3.3.0.3
https://github.com/cloudfoundry/uaa/releases/tag/3.4.2
https://github.com/cloudfoundry/uaa-release/releases/tag/v11.3
https://github.com/cloudfoundry/uaa-release/releases/tag/v12.3
https://pivotal.io/security/cve-2016-5016
Related Vulnerabilities
CVE-2020-2228 Vulnerability in maven package org.jenkins-ci.plugins:gitlab-oauth
CVE-2022-29166 Vulnerability in npm package matrix-appservice-irc
CVE-2021-34078 Vulnerability in npm package lifion-verify-deps
CVE-2020-5497 Vulnerability in maven package org.mitre:openid-connect-common
CVE-2022-36025 Vulnerability in maven package org.hyperledger.besu:evm