PT-2017-6821 · Cloud Foundry+1 · Cloud Foundry Runtime+2

Publicado

2017-10-24

Atualizado

2021-08-25

CVE-2015-5173

CVSS v2.0

6.8

Média

Vetor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Cloud Foundry Runtime versions prior to 216 UAA versions prior to 2.5.2 Pivotal Cloud Foundry (PCF) Elastic Runtime versions prior to 1.7.0

Description The issue allows attackers to have an unspecified impact via vectors involving emails with password recovery links. This is related to a "Cross Domain Referer Leakage" problem.

Recommendations For Cloud Foundry Runtime versions prior to 216, update to version 216 or later. For UAA versions prior to 2.5.2, update to version 2.5.2 or later. For Pivotal Cloud Foundry (PCF) Elastic Runtime versions prior to 1.7.0, update to version 1.7.0 or later.

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

CVE-2015-5173

Produtos afetados

Cloud Foundry Runtime

Pivotal Cloud Foundry (Pcf) Elastic Runtime

Uaa

PT-2017-6821 · Cloud Foundry+1 · Cloud Foundry Runtime+2

CVE-2015-5173

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3