PT-2017-6821 · Cloud Foundry+1 · Cloud Foundry Runtime+2

Published

2017-10-24

Updated

2021-08-25

CVE-2015-5173

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Cloud Foundry Runtime versions prior to 216 UAA versions prior to 2.5.2 Pivotal Cloud Foundry (PCF) Elastic Runtime versions prior to 1.7.0

Description The issue allows attackers to have an unspecified impact via vectors involving emails with password recovery links. This is related to a "Cross Domain Referer Leakage" problem.

Recommendations For Cloud Foundry Runtime versions prior to 216, update to version 216 or later. For UAA versions prior to 2.5.2, update to version 2.5.2 or later. For Pivotal Cloud Foundry (PCF) Elastic Runtime versions prior to 1.7.0, update to version 1.7.0 or later.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2015-5173

Affected Products

Cloud Foundry Runtime

Pivotal Cloud Foundry (Pcf) Elastic Runtime

Uaa

PT-2017-6821 · Cloud Foundry+1 · Cloud Foundry Runtime+2

CVE-2015-5173

Weakness Enumeration

Related Identifiers

Affected Products

References · 3