PT-2017-16230 · Cloud Foundry · Uaa+1
Published: 2017-06-13 · Updated: 2019-07-30 · CVE-2017-4963
CVSS v3.1: 8.1 (High)
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Cloud Foundry versions prior to v252
UAA stand-alone versions 2.0.0 through 2.7.4.12
UAA stand-alone versions 3.0.0 through 3.11.0
UAA bosh versions prior to v26
Description
An issue was discovered in Cloud Foundry and UAA, where UAA is vulnerable to session fixation when configured to authenticate against external SAML or OpenID Connect based identity providers.
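As an added illustration of the weakness described above (constructed example code, not UAA's own implementation), the following Python model shows why the session established before the redirect to an external SAML/OIDC identity provider must be replaced, not merely upgraded, when the user returns authenticated; the store, function names and session layout are assumptions for the demonstration.

```python
import secrets

# Constructed, in-memory model of a browser session store (not UAA's code).
# Maps session id -> session attributes.
sessions: dict[str, dict] = {}


def start_session() -> str:
    """Create an unauthenticated session, e.g. when the user first opens the login page."""
    sid = secrets.token_urlsafe(16)
    sessions[sid] = {"authenticated": False, "subject": None}
    return sid


def complete_external_login(sid: str, subject: str, rotate: bool) -> str:
    """Handle the callback after the external IdP has authenticated the user.

    rotate=False models the vulnerable behaviour: the pre-authentication session id
    is simply marked authenticated, so whoever already knows that id now holds an
    authenticated session.
    rotate=True models the fix: a fresh id is issued and the old one is invalidated.
    """
    if sid not in sessions:
        raise KeyError("unknown session")
    if not rotate:
        sessions[sid].update(authenticated=True, subject=subject)
        return sid
    new_sid = secrets.token_urlsafe(16)
    sessions[new_sid] = {"authenticated": True, "subject": subject}
    del sessions[sid]  # the pre-authentication id no longer resolves to any session
    return new_sid


def is_authenticated_as(sid: str, subject: str) -> bool:
    """Check whether the given session id is an authenticated session for subject."""
    s = sessions.get(sid)
    return bool(s and s["authenticated"] and s["subject"] == subject)


def pre_auth_id_still_valid(rotate: bool) -> bool:
    """Return True if the id issued before the IdP round trip still grants access."""
    pre_auth_sid = start_session()
    complete_external_login(pre_auth_sid, "alice", rotate)
    return is_authenticated_as(pre_auth_sid, "alice")
```

With `rotate=False` the pre-authentication id keeps working after login (the fixation condition); with `rotate=True` it is dead and only the newly issued id is bound to the authenticated user.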
Recommendations
For Cloud Foundry versions prior to v252, update to version v252 or later.
For UAA stand-alone versions 2.0.0 through 2.7.4.12, update to a version later than 2.7.4.12.
For UAA stand-alone versions 3.0.0 through 3.11.0, update to a version later than 3.11.0.
For UAA bosh versions prior to v26, update to version v26 or later.
Fix
Session Fixation
Weakness Enumeration
Related Identifiers
Affected Products
Cloud Foundry
Uaa