CVE-2015-5171

CRITICAL

Cloudfoundry Cf-release < 216 - Insufficient Session Expiration

Description

The password change functionality in Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allows attackers to have unspecified impact by leveraging failure to expire existing sessions.

References (1)

Core References
Vendor Advisory x_refsource_confirm
https://pivotal.io/security/cve-2015-5170-5173

Scores

CVSS v3 9.8
EPSS 0.0117
EPSS Percentile 63.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-613
Status published
Products (4)
cloudfoundry/cf-release < 216
org.cloudfoundry.identity/cloudfoundry-identity-server 0 - 2.5.2 (Maven)
pivotal_software/cloud_foundry_elastic_runtime < 1.7.0
pivotal_software/cloud_foundry_uaa < 2.5.2
Published Oct 24, 2017
Tracked Since Feb 18, 2026