Main Vulnerability Database Vulnerabilities #VU31405

Information disclosure in Cloud Foundry UAA - CVE-2015-5173

Published: October 24, 2017 / Updated: July 18, 2020

Vulnerability identifier: #VU31405

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2015-5173

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Cloud Foundry Foundation

Affected software:
Cloud Foundry UAA

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact via vectors involving emails with password recovery links, aka "Cross Domain Referer Leakage."

How to mitigate CVE-2015-5173

Install update from vendor's website.

Sources

https://pivotal.io/security/cve-2015-5170-5173

Information disclosure in Cloud Foundry UAA - CVE-2015-5173

Detailed vulnerability description

How to mitigate CVE-2015-5173

Sources

Please verify you're human