CVE-2015-5171
Published 2017-10-24
Priority P339 | critical | 9.8 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 1.17% (63.5th percentile)
The password change functionality in Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allows attackers to have unspecified impact by leveraging failure to expire existing sessions.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cloudfoundry | cf-release | < 216 | 216 |
| pivotal_software | cloud_foundry_elastic_runtime | < 1.7.0 | 1.7.0 |
| pivotal_software | cloud_foundry_uaa | < 2.5.2 | 2.5.2 |
CVSS provenance
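| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |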
OSV
Cloud Foundry Runtime Insufficient Session Expiration vulnerability
osv·2022-05-13
CVE-2015-5171 [CRITICAL] Cloud Foundry Runtime Insufficient Session Expiration vulnerability
GHSA
Cloud Foundry Runtime Insufficient Session Expiration vulnerability
ghsa·2022-05-13
CVE-2015-5171 [CRITICAL] CWE-613 Cloud Foundry Runtime Insufficient Session Expiration vulnerability
No detection rules found.
No public exploits indexed.
2017-10-24: Published