CVE-2015-5173
Summary
| CVE | CVE-2015-5173 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2017-10-24 17:29:00 UTC |
| Updated | 2021-08-25 21:16:00 UTC |
| Description | Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact via vectors involving emails with password recovery links, aka "Cross Domain Referer Leakage." |
Risk And Classification
Problem Types: CWE-200
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Cloudfoundry | Cf-release | All | All | All | All |
| Application | Pivotal Software | Cloud Foundry Elastic Runtime | All | All | All | All |
| Application | Pivotal Software | Cloud Foundry Elastic Runtime | All | All | All | All |
| Application | Pivotal Software | Cloud Foundry Elastic Runtime Cf Release | All | All | All | All |
| Application | Pivotal Software | Cloud Foundry Elastic Runtime Cf Release | All | All | All | All |
| Application | Pivotal Software | Cloud Foundry Uaa | All | All | All | All |
| Application | Pivotal Software | Cloud Foundry Uaa | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| CVE-2015-5170-5173 UAA Vulnerabilities | Security | Pivotal | CONFIRM | pivotal.io | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.