PT-2016-3243 · Pivotal+1 · Pivotal Cloud Foundry (Pcf) Elastic Runtime+2
Publicado
2016-05-02
·
Atualizado
2022-05-13
·
CVE-2015-5171
CVSS v3.1
9.8
Crítica
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Cloud Foundry Runtime cf-release versions prior to 216
UAA versions prior to 2.5.2
Pivotal Cloud Foundry (PCF) Elastic Runtime versions prior to 1.7.0
Description
The issue is related to the password change functionality, where failure to expire existing sessions can be leveraged by attackers. This allows a remote attacker to exploit an old session after a password reset, as logging in with a new password does not invalidate already established sessions.
Recommendations
For Cloud Foundry Runtime cf-release versions prior to 216, update to version 216 or later.
For UAA versions prior to 2.5.2, update to version 2.5.2 or later.
For Pivotal Cloud Foundry (PCF) Elastic Runtime versions prior to 1.7.0, update to version 1.7.0 or later.
Correção
Insufficient Session Expiration
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Cloud Foundry Runtime
Pivotal Cloud Foundry (Pcf) Elastic Runtime
Uaa