{"id":"CVE-2016-5016","details":"Pivotal Cloud Foundry 239 and earlier, UAA (aka User Account and Authentication Server) 3.4.1 and earlier, UAA release 12.2 and earlier, PCF (aka Pivotal Cloud Foundry) Elastic Runtime 1.6.x before 1.6.35, and PCF Elastic Runtime 1.7.x before 1.7.13 does not validate if a certificate is expired.","aliases":["GHSA-rc2r-w8jv-vggp"],"modified":"2026-04-10T03:50:07.950899Z","published":"2017-04-24T19:59:00.253Z","references":[{"type":"ADVISORY","url":"https://github.com/cloudfoundry/cf-release/releases/tag/v240"},{"type":"ADVISORY","url":"https://github.com/cloudfoundry/uaa-release/releases/tag/v11.3"},{"type":"ADVISORY","url":"https://github.com/cloudfoundry/uaa-release/releases/tag/v12.3"},{"type":"ADVISORY","url":"https://github.com/cloudfoundry/uaa/releases/tag/2.7.4.6"},{"type":"ADVISORY","url":"https://github.com/cloudfoundry/uaa/releases/tag/3.3.0.3"},{"type":"ADVISORY","url":"https://github.com/cloudfoundry/uaa/releases/tag/3.4.2"},{"type":"ADVISORY","url":"https://pivotal.io/security/cve-2016-5016"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/cloudfoundry-attic/cf-release","events":[{"introduced":"0"},{"fixed":"1b88d9e499613e6f9b0728c39b8b4ffa486a0fb6"}]},{"type":"GIT","repo":"https://github.com/cloudfoundry/cf-release","events":[{"introduced":"0"},{"last_affected":"8da019e837edd07791b8d2ec20e7294a17e76f83"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"239"}]}},{"type":"GIT","repo":"https://github.com/cloudfoundry/uaa","events":[{"introduced":"0"},{"last_affected":"ddae2a131ab505ddf079a7db4289205098373244"},{"fixed":"a54d147a0a0f2bad89b3cb768338acd3009cc815"},{"fixed":"87e9f7b65eede068ad8cd392831317e10ef1e25e"},{"fixed":"094f75188cc0606c5194cc64cf722c54ec8bfd2b"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"3.4.1"}]}},{"type":"GIT","repo":"https://github.com/cloudfoundry/uaa-release","events":[{"introduced":"0"},{"last_affected":"38bc1da92d55f3947f5830f302664a5ceceaa9fe"},{"fixed":"f6ca40e0700609cd71ec349d01c3330902222404"},{"fixed":"b4b444b12a80357c4e64ba9e5c10ac998dc83c05"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"12.2"}]}}],"versions":["-","1.0.1","1.0.3","1.1","1.1.1","1.1.2","1.10","1.11","1.2.0","1.2.6","1.4.0","1.4.1","1.4.2","1.4.3","1.4.5","1.4.6","1.4.7","1.5.0","1.5.2","1.5.2.1","1.5.3","1.5.4","1.5.4.1","1.6.0","1.6.1","1.6.2","1.6.4","1.6.5","1.7.0","1.7.1","1.7.2","1.8.0","1.8.1","1.8.2","1.8.3","1.9.0","1.9.1","2.0.0","2.0.1","2.0.2","2.0.3","2.1.0","2.2.4.1","2.2.5","2.2.6","2.3.0","2.3.1","2.3.1.1","2.4.0","2.4.1","2.5.0","2.5.1","2.5.2","2.6.0","2.6.1","2.6.2","2.7.0","2.7.0.1","2.7.0.2","2.7.0.3","2.7.1","2.7.2","2.7.3","2.7.4","2.7.4.1","2.7.4.2","2.7.4.3","2.7.4.4","2.7.4.5","3.0.0","3.0.1","3.1.0","3.2.0","3.2.1","3.3.0","3.3.0.1","3.3.0.2","3.4.0","3.4.1","lenient_hybrid_flow","list","log","rc145.0","scotty_09012012","travis-success-1475","travis-success-1478","travis-success-1497","v10","v100","v102","v103","v104","v105","v109","v11","v11.1","v11.2","v119","v12","v12.1","v12.2","v132","v133","v134","v135","v136","v137","v140","v143","v156","v157","v161","v170","v183","v2","v205","v239","v3","v6","v7","v8","v9","v99","works-for-us"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"1.6.0"},{"fixed":"1.6.35"}]},{"events":[{"introduced":"1.7.0"},{"fixed":"1.7.13"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-5016.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"}]}