PT-2017-6642 · Pivotal+1 · Pivotal Cloud Foundry Runtime+2

Published

2017-05-25

Updated

2021-08-25

CVE-2015-3190

CVSS v2.0

5.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions Cloud Foundry Runtime cf-release versions v209 or earlier UAA Standalone versions 2.2.6 or earlier Pivotal Cloud Foundry Runtime versions 1.4.5 or earlier

Description The UAA logout link is susceptible to an open redirect, allowing an attacker to insert a malicious web page as a redirect parameter.

Recommendations For Cloud Foundry Runtime cf-release versions v209 or earlier, update to a version later than v209 to resolve the issue. For UAA Standalone versions 2.2.6 or earlier, update to a version later than 2.2.6 to resolve the issue. For Pivotal Cloud Foundry Runtime versions 1.4.5 or earlier, update to a version later than 1.4.5 to resolve the issue.

Fix

Open Redirect

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-601

Related Identifiers

CVE-2015-3190

Affected Products

Cloud Foundry Runtime

Pivotal Cloud Foundry Runtime

Uaa

PT-2017-6642 · Pivotal+1 · Pivotal Cloud Foundry Runtime+2

CVE-2015-3190

Weakness Enumeration

Related Identifiers

Affected Products

References · 3