{ "affected": [ { "database_specific": { "unresolved_ranges": [ { "events": [ { "introduced": "0" }, { "last_affected": "1.6.33" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "1.7.3" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "1.7.4" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "1.7.5" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "1.7.6" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "1.7.7" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "1.7.8" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "1.7.9" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "1.7.10" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "1.7.11" } ] } ] }, "ranges": [ { "database_specific": { "versions": [ { "introduced": "0" }, { "last_affected": "1.7.0" }, { "introduced": "0" }, { "last_affected": "1.7.1" }, { "introduced": "0" }, { "last_affected": "1.7.2" } ] }, "events": [ { "introduced": "0" }, { "last_affected": "585adc1bde0b242e204b6a6300e19ee5283c2bbe" }, { "introduced": "0" }, { "last_affected": "36efbc0bf6186a4abaf51c04e55cdb2d5e15091b" }, { "introduced": "0" }, { "last_affected": "3ce2a53c261790f5a4cbddff3dd4dcf4a82d69ac" } ], "repo": "https://github.com/cloudfoundry/uaa", "type": "GIT" } ] } ], "details": "Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.34 and 1.7.x before 1.7.12 places 169.254.0.0/16 in the all_open Application Security Group, which might allow remote attackers to bypass intended network-connectivity restrictions by leveraging access to the 169.254.169.254 address.", "id": "CVE-2016-0896", "modified": "2026-03-13T21:50:08.152996071Z", "published": "2016-09-18T02:59:01.637Z", "references": [ { "type": "WEB", "url": "http://www.securityfocus.com/bid/92161" }, { "type": "ADVISORY", "url": "https://pivotal.io/security/cve-2016-0896" } ], "severity": [ { "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "type": "CVSS_V3" } ] }