PT-2017-6642 · Pivotal+1 · Pivotal Cloud Foundry Runtime+2

Publicado

2017-05-25

Atualizado

2021-08-25

CVE-2015-3190

CVSS v2.0

5.8

Média

Vetor

AV:N/AC:M/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions Cloud Foundry Runtime cf-release versions v209 or earlier UAA Standalone versions 2.2.6 or earlier Pivotal Cloud Foundry Runtime versions 1.4.5 or earlier

Description The UAA logout link is susceptible to an open redirect, allowing an attacker to insert a malicious web page as a redirect parameter.

Recommendations For Cloud Foundry Runtime cf-release versions v209 or earlier, update to a version later than v209 to resolve the issue. For UAA Standalone versions 2.2.6 or earlier, update to a version later than 2.2.6 to resolve the issue. For Pivotal Cloud Foundry Runtime versions 1.4.5 or earlier, update to a version later than 1.4.5 to resolve the issue.

Correção

Open Redirect

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-601

Identificadores relacionados

CVE-2015-3190

Produtos afetados

Cloud Foundry Runtime

Pivotal Cloud Foundry Runtime

Uaa

PT-2017-6642 · Pivotal+1 · Pivotal Cloud Foundry Runtime+2

CVE-2015-3190

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3