VYPR
High severity8.8NVD Advisory· Published Oct 24, 2017· Updated Jun 17, 2026

CVE-2015-5173

CVE-2015-5173

Description

Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact via vectors involving emails with password recovery links, aka "Cross Domain Referer Leakage."

Affected products

6
  • cpe:2.3:a:cloudfoundry:cf-release:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:cloudfoundry:cf-release:*:*:*:*:*:*:*:*range: <216
    • (no CPE)range: <216
  • cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:*:*:*:*:*:*:*:*range: <1.7.0
    • (no CPE)range: <1.7.0
  • Cloudfoundry/Uaa2 versions
    cpe:2.3:a:pivotal_software:cloud_foundry_uaa:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:pivotal_software:cloud_foundry_uaa:*:*:*:*:*:*:*:*range: <2.5.2
    • (no CPE)range: <2.5.2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.