Is CVE-2016-6639 actively exploited?

CVE-2016-6639 has no public evidence of in-the-wild exploitation as of 2025-04-12.

What is the CVSS score for CVE-2016-6639?

CVE-2016-6639 has a CVSS score of 7.5 (HIGH severity). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.

How do I patch CVE-2016-6639?

Patch guidance is available from cloudfoundry security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2016-6639.

Fix CVE-2016-6639 - HIGH cloudfoundry php-buildpack

Q: Which products are affected by CVE-2016-6639?

21 products: cloudfoundry php-buildpack, pivotal cloud foundry elastic runtime, pivotal cloud foundry elastic runtime, pivotal cloud foundry elastic runtime, pivotal cloud foundry elastic runtime, and 16 more.

Description

Cloud Foundry PHP Buildpack (aka php-buildpack) before 4.3.18 and PHP Buildpack Cf-release before 242, as used in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.38 and 1.7.x before 1.7.19 and other products, place the .profile file in the htdocs directory, which might allow remote attackers to obtain sensitive information via an HTTP GET request for this file.

CVSS Metrics

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector: network
Complexity: low
Privileges: none
User Action: none
Scope: unchanged
Confidentiality: high
Integrity: none
Availability: none
Weaknesses: CWE-254

Metadata

Primary Vendor: CLOUDFOUNDRY
Published: 9/18/2016
Last Modified: 4/12/2025
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

cloudfoundry : php-buildpackpivotal : cloud_foundry_elastic_runtimepivotal : cloud_foundry_elastic_runtimepivotal : cloud_foundry_elastic_runtimepivotal : cloud_foundry_elastic_runtimepivotal : cloud_foundry_elastic_runtimepivotal : cloud_foundry_elastic_runtimepivotal : cloud_foundry_elastic_runtimepivotal : cloud_foundry_elastic_runtimepivotal : cloud_foundry_elastic_runtimepivotal : cloud_foundry_elastic_runtimepivotal : cloud_foundry_elastic_runtimepivotal : cloud_foundry_elastic_runtimepivotal : cloud_foundry_elastic_runtimepivotal : cloud_foundry_elastic_runtimepivotal : cloud_foundry_elastic_runtimepivotal : cloud_foundry_elastic_runtimepivotal : cloud_foundry_elastic_runtimepivotal : cloud_foundry_elastic_runtimepivotal : cloud_foundry_elastic_runtimepivotal : cloud_foundry_elastic_runtime

Remediation Guidance

Executive Summary

View on NIST NVD