Unauthenticated Access and Denial of Service Vulnerability in BOSH Director VM

CVE-2016-4435 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

An endpoint of the Agent running on the BOSH Director VM with stemcell versions prior to 3232.6 and 3146.13 may allow unauthenticated clients to read or write blobs or cause a denial of service on the Director VM. Exploitation requires the unauthenticated client to guess or find a URL matching an existing GUID.