An issue was discovered in Cloud Foundry release v247 through v252, UAA stand-alone release v3.9.0 through v3.11.0, and UAA Bosh Release v21 through v26. There is a potential to subject the UAA OAuth clients to a denial of service attack.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Cloud_foundry_uaa_bosh | Cloudfoundry | 21 (including) | 21 (including) |
| Cloud_foundry_uaa_bosh | Cloudfoundry | 22 (including) | 22 (including) |
| Cloud_foundry_uaa_bosh | Cloudfoundry | 23 (including) | 23 (including) |
| Cloud_foundry_uaa_bosh | Cloudfoundry | 24 (including) | 24 (including) |
| Cloud_foundry_uaa_bosh | Cloudfoundry | 24.1 (including) | 24.1 (including) |
| Cloud_foundry_uaa_bosh | Cloudfoundry | 24.2 (including) | 24.2 (including) |
| Cloud_foundry_uaa_bosh | Cloudfoundry | 24.3 (including) | 24.3 (including) |
| Cloud_foundry_uaa_bosh | Cloudfoundry | 24.4 (including) | 24.4 (including) |
| Cloud_foundry_uaa_bosh | Cloudfoundry | 24.5 (including) | 24.5 (including) |
| Cloud_foundry_uaa_bosh | Cloudfoundry | 24.6 (including) | 24.6 (including) |
| Cloud_foundry_uaa_bosh | Cloudfoundry | 25 (including) | 25 (including) |
| Cloud_foundry_uaa_bosh | Cloudfoundry | 26 (including) | 26 (including) |
| Cloud_foundry | Pivotal_software | 247.0 (including) | 247.0 (including) |
| Cloud_foundry | Pivotal_software | 248.0 (including) | 248.0 (including) |
| Cloud_foundry | Pivotal_software | 249.0 (including) | 249.0 (including) |
| Cloud_foundry | Pivotal_software | 250.0 (including) | 250.0 (including) |
| Cloud_foundry | Pivotal_software | 251.0 (including) | 251.0 (including) |
| Cloud_foundry | Pivotal_software | 252.0 (including) | 252.0 (including) |
| Cloud_foundry_uaa | Pivotal_software | 3.9.0 (including) | 3.9.0 (including) |
| Cloud_foundry_uaa | Pivotal_software | 3.9.1 (including) | 3.9.1 (including) |
| Cloud_foundry_uaa | Pivotal_software | 3.9.2 (including) | 3.9.2 (including) |
| Cloud_foundry_uaa | Pivotal_software | 3.9.3 (including) | 3.9.3 (including) |
| Cloud_foundry_uaa | Pivotal_software | 3.9.4 (including) | 3.9.4 (including) |
| Cloud_foundry_uaa | Pivotal_software | 3.9.5 (including) | 3.9.5 (including) |
| Cloud_foundry_uaa | Pivotal_software | 3.9.6 (including) | 3.9.6 (including) |
| Cloud_foundry_uaa | Pivotal_software | 3.9.7 (including) | 3.9.7 (including) |
| Cloud_foundry_uaa | Pivotal_software | 3.9.8 (including) | 3.9.8 (including) |
| Cloud_foundry_uaa | Pivotal_software | 3.10.0 (including) | 3.10.0 (including) |
| Cloud_foundry_uaa | Pivotal_software | 3.11.0 (including) | 3.11.0 (including) |