High severity8.8NVD Advisory· Published Oct 24, 2017· Updated Jun 17, 2026
CVE-2015-5173
CVE-2015-5173
Description
Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact via vectors involving emails with password recovery links, aka "Cross Domain Referer Leakage."
Affected products
6cpe:2.3:a:cloudfoundry:cf-release:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:cloudfoundry:cf-release:*:*:*:*:*:*:*:*range: <216
- (no CPE)range: <216
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:*:*:*:*:*:*:*:*range: <1.7.0
- (no CPE)range: <1.7.0
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:pivotal_software:cloud_foundry_uaa:*:*:*:*:*:*:*:*range: <2.5.2
- (no CPE)range: <2.5.2
Patches
Vulnerability mechanics
References
1- pivotal.io/security/cve-2015-5170-5173nvdVendor Advisory
News mentions
0No linked articles in our index yet.