CVE-2015-5170

Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow remote attackers to conduct cross-site request forgery (CSRF) attacks on PWS and log a user into an arbitrary account by leveraging lack of CSRF checks.
References
Link Resource
http://www.securityfocus.com/bid/101579 Third Party Advisory VDB Entry
https://pivotal.io/security/cve-2015-5170-5173 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:cloudfoundry:cf-release:*:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:*:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2017-10-24 17:29

Updated : 2024-02-28 16:04


NVD link : CVE-2015-5170

Mitre link : CVE-2015-5170

CVE.ORG link : CVE-2015-5170


JSON object : View

Products Affected

pivotal_software

  • cloud_foundry_elastic_runtime
  • cloud_foundry_uaa

cloudfoundry

  • cf-release
CWE
CWE-352

Cross-Site Request Forgery (CSRF)