Description
Pivotal Cloud Foundry 239 and earlier, UAA (aka User Account and Authentication Server) 3.4.1 and earlier, UAA release 12.2 and earlier, PCF (aka Pivotal Cloud Foundry) Elastic Runtime 1.6.x before 1.6.35, and PCF Elastic Runtime 1.7.x before 1.7.13 does not validate if a certificate is expired.
Remediation
References
https://github.com/cloudfoundry/cf-release/releases/tag/v240
https://github.com/cloudfoundry/uaa-release/releases/tag/v11.3
https://github.com/cloudfoundry/uaa-release/releases/tag/v12.3
https://github.com/cloudfoundry/uaa/releases/tag/2.7.4.6
https://github.com/cloudfoundry/uaa/releases/tag/3.3.0.3
https://github.com/cloudfoundry/uaa/releases/tag/3.4.2
https://pivotal.io/security/cve-2016-5016
Related Vulnerabilities
CVE-2020-13956 Vulnerability in maven package org.apache.httpcomponents:httpclient
CVE-2023-48223 Vulnerability in npm package fast-jwt
CVE-2021-46877 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind
CVE-2017-16202 Vulnerability in npm package cofeescript
CVE-2020-2287 Vulnerability in maven package org.jenkins-ci.plugins:audit-trail