Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2015-5173 Vulnerability in maven package org.cloudfoundry.identity:cloudfoundry-identity-login

Description

Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact via vectors involving emails with password recovery links, aka "Cross Domain Referer Leakage."

Remediation

References

https://pivotal.io/security/cve-2015-5170-5173

Related Vulnerabilities

CVE-2020-9480 Vulnerability in maven package org.apache.spark:spark-network-shuffle_2.10

CVE-2022-43415 Vulnerability in maven package org.jenkins-ci.plugins:repo

CVE-2014-3417 Vulnerability in maven package org.jasig.portal:uportal-war

CVE-2022-36098 Vulnerability in maven package org.xwiki.platform:xwiki-platform-mentions-ui

CVE-2018-1000665 Vulnerability in maven package org.webjars.bowergithub.dojo:dojo

Severity

Critical

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Tags

Vendor Advisory