CVE-2017-4960

An issue was discovered in Cloud Foundry release v247 through v252, UAA stand-alone release v3.9.0 through v3.11.0, and UAA Bosh Release v21 through v26. There is a potential to subject the UAA OAuth clients to a denial of service attack.

Published: Mar 10, 2017
Updated: Nov 9, 2025
CVE: CVE-2017-4960
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:N/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
pivotal_software / cloud_foundry_uaa	3.9.8	3.9.8.x
pivotal_software / cloud_foundry_uaa	3.9.5	3.9.5.x
pivotal_software / cloud_foundry_uaa	3.11.0	3.11.0.x
pivotal_software / cloud_foundry	247.0	247.0.x
pivotal_software / cloud_foundry_uaa	3.9.6	3.9.6.x
pivotal_software / cloud_foundry_uaa	3.9.0	3.9.0.x
pivotal_software / cloud_foundry	248.0	248.0.x
pivotal_software / cloud_foundry_uaa	3.9.3	3.9.3.x
pivotal_software / cloud_foundry	252.0	252.0.x
pivotal_software / cloud_foundry	250.0	250.0.x
pivotal_software / cloud_foundry_uaa	3.9.2	3.9.2.x
pivotal_software / cloud_foundry_uaa	3.9.7	3.9.7.x
pivotal_software / cloud_foundry_uaa	3.10.0	3.10.0.x
pivotal_software / cloud_foundry_uaa	3.9.1	3.9.1.x
pivotal_software / cloud_foundry	249.0	249.0.x
pivotal_software / cloud_foundry_uaa	3.9.4	3.9.4.x
pivotal_software / cloud_foundry	251.0	251.0.x
cloudfoundry / cloud_foundry_uaa_bosh	24	24.x
cloudfoundry / cloud_foundry_uaa_bosh	25	25.x
cloudfoundry / cloud_foundry_uaa_bosh	26	26.x
cloudfoundry / cloud_foundry_uaa_bosh	24.5	24.5.x
cloudfoundry / cloud_foundry_uaa_bosh	24.6	24.6.x
cloudfoundry / cloud_foundry_uaa_bosh	24.3	24.3.x
cloudfoundry / cloud_foundry_uaa_bosh	24.4	24.4.x
cloudfoundry / cloud_foundry_uaa_bosh	24.1	24.1.x
cloudfoundry / cloud_foundry_uaa_bosh	24.2	24.2.x
cloudfoundry / cloud_foundry_uaa_bosh	22	22.x
cloudfoundry / cloud_foundry_uaa_bosh	21	21.x
cloudfoundry / cloud_foundry_uaa_bosh	23	23.x

Vulnerability Database

309,103

CVE-2017-4960

Deep Security Visibility Without the Complexity