Vulnerabilities > CVE-2015-5171 - Insufficient Session Expiration vulnerability in multiple products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

cloudfoundry

pivotal-software

CWE-613

NVD

Published: 2017-10-24

Updated: 2021-08-25

Summary

The password change functionality in Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire existing sessions.

Vulnerable Configurations

Part	Description	Count
Application	Cloudfoundry Cloudfoundry CF Release 68 Cloudfoundry CF Release 69 Cloudfoundry CF Release 70 Cloudfoundry CF Release 71 Cloudfoundry CF Release 72 Cloudfoundry CF Release 73 Cloudfoundry CF Release 74 Cloudfoundry CF Release 75 Cloudfoundry CF Release 76 Cloudfoundry CF Release 77 Cloudfoundry CF Release 78 Cloudfoundry CF Release 79 Cloudfoundry CF Release 80 Cloudfoundry CF Release 81 Cloudfoundry CF Release 82 Cloudfoundry CF Release 83 Cloudfoundry CF Release 84 Cloudfoundry CF Release 85 Cloudfoundry CF Release 86 Cloudfoundry CF Release 87 Cloudfoundry CF Release 88 Cloudfoundry CF Release 89 Cloudfoundry CF Release 90 Cloudfoundry CF Release 91 Cloudfoundry CF Release 92 Cloudfoundry CF Release 93 Cloudfoundry CF Release 94 Cloudfoundry CF Release 95 Cloudfoundry CF Release 96 Cloudfoundry CF Release 97 Cloudfoundry CF Release 98 Cloudfoundry CF Release 99 Cloudfoundry CF Release 100 Cloudfoundry CF Release 101 Cloudfoundry CF Release 102 Cloudfoundry CF Release 103 Cloudfoundry CF Release 104 Cloudfoundry CF Release 105 Cloudfoundry CF Release 106 Cloudfoundry CF Release 107 Cloudfoundry CF Release 108 Cloudfoundry CF Release 109 Cloudfoundry CF Release 110 Cloudfoundry CF Release 111 Cloudfoundry CF Release 112 Cloudfoundry CF Release 113 Cloudfoundry CF Release 114 Cloudfoundry CF Release 115 Cloudfoundry CF Release 116 Cloudfoundry CF Release 117 Cloudfoundry CF Release 118 Cloudfoundry CF Release 119 Cloudfoundry CF Release 120 Cloudfoundry CF Release 121 Cloudfoundry CF Release 122 Cloudfoundry CF Release 123 Cloudfoundry CF Release 124 Cloudfoundry CF Release 125 Cloudfoundry CF Release 126 Cloudfoundry CF Release 127 Cloudfoundry CF Release 128 Cloudfoundry CF Release 129 Cloudfoundry CF Release 130 Cloudfoundry CF Release 131 Cloudfoundry CF Release 132 Cloudfoundry CF Release 133 Cloudfoundry CF Release 134 Cloudfoundry CF Release 135 Cloudfoundry CF Release 136 Cloudfoundry CF Release 137 Cloudfoundry CF Release 138 Cloudfoundry CF Release 139 Cloudfoundry CF Release 140 Cloudfoundry CF Release 141 Cloudfoundry CF Release 142 Cloudfoundry CF Release 143 Cloudfoundry CF Release 144 Cloudfoundry CF Release 145 Cloudfoundry CF Release 146 Cloudfoundry CF Release 147 Cloudfoundry CF Release 148 Cloudfoundry CF Release 149 Cloudfoundry CF Release 150 Cloudfoundry CF Release 151 Cloudfoundry CF Release 152 Cloudfoundry CF Release 153 Cloudfoundry CF Release 154 Cloudfoundry CF Release 155 Cloudfoundry CF Release 156 Cloudfoundry CF Release 157 Cloudfoundry CF Release 158 Cloudfoundry CF Release 159 Cloudfoundry CF Release 160 Cloudfoundry CF Release 161 Cloudfoundry CF Release 162 Cloudfoundry CF Release 163 Cloudfoundry CF Release 164 Cloudfoundry CF Release 165 Cloudfoundry CF Release 166 Cloudfoundry CF Release 167 Cloudfoundry CF Release 168 Cloudfoundry CF Release 169 Cloudfoundry CF Release 170 Cloudfoundry CF Release 171 Cloudfoundry CF Release 172 Cloudfoundry CF Release 173 Cloudfoundry CF Release 174 Cloudfoundry CF Release 175 Cloudfoundry CF Release 176 Cloudfoundry CF Release 177 Cloudfoundry CF Release 178 Cloudfoundry CF Release 179 Cloudfoundry CF Release 180 Cloudfoundry CF Release 181 Cloudfoundry CF Release 182 Cloudfoundry CF Release 183 Cloudfoundry CF Release 184 Cloudfoundry CF Release 185 Cloudfoundry CF Release 186 Cloudfoundry CF Release 187 Cloudfoundry CF Release 188 Cloudfoundry CF Release 189 Cloudfoundry CF Release 190 Cloudfoundry CF Release 191 Cloudfoundry CF Release 192 Cloudfoundry CF Release 193 Cloudfoundry CF Release 194 Cloudfoundry CF Release 195 Cloudfoundry CF Release 196 Cloudfoundry CF Release 197 Cloudfoundry CF Release 198 Cloudfoundry CF Release 199 Cloudfoundry CF Release 200 Cloudfoundry CF Release 201 Cloudfoundry CF Release 202 Cloudfoundry CF Release 203 Cloudfoundry CF Release 204 Cloudfoundry CF Release 205 Cloudfoundry CF Release 206 Cloudfoundry CF Release 207 Cloudfoundry CF Release 208 Cloudfoundry CF Release 209 Cloudfoundry CF Release 210 Cloudfoundry CF Release 211 Cloudfoundry CF Release 212 Cloudfoundry CF Release 213 Cloudfoundry CF Release 214 Cloudfoundry CF Release 215	151
Application	Pivotal_Software Pivotal Software Cloud Foundry Elastic Runtime 1.4.1 Pivotal Software Cloud Foundry Elastic Runtime 1.4.5 Pivotal Software Cloud Foundry Elastic Runtime 1.5.0 Pivotal Software Cloud Foundry Elastic Runtime 1.5.1 Pivotal Software Cloud Foundry Elastic Runtime 1.5.2 Pivotal Software Cloud Foundry Elastic Runtime 1.5.3 Pivotal Software Cloud Foundry Elastic Runtime 1.5.4 Pivotal Software Cloud Foundry Elastic Runtime 1.5.5 Pivotal Software Cloud Foundry Elastic Runtime 1.5.6 Pivotal Software Cloud Foundry Elastic Runtime 1.5.7 Pivotal Software Cloud Foundry Elastic Runtime 1.5.8 Pivotal Software Cloud Foundry Elastic Runtime 1.5.9 Pivotal Software Cloud Foundry Elastic Runtime 1.5.10 Pivotal Software Cloud Foundry Elastic Runtime 1.5.11 Pivotal Software Cloud Foundry Elastic Runtime 1.5.12 Pivotal Software Cloud Foundry Elastic Runtime 1.5.13 Pivotal Software Cloud Foundry Elastic Runtime 1.5.14 Pivotal Software Cloud Foundry Elastic Runtime 1.5.15 Pivotal Software Cloud Foundry Elastic Runtime 1.5.16 Pivotal Software Cloud Foundry Elastic Runtime 1.5.18 Pivotal Software Cloud Foundry Elastic Runtime 1.6.0 Pivotal Software Cloud Foundry Elastic Runtime 1.6.1 Pivotal Software Cloud Foundry Elastic Runtime 1.6.2 Pivotal Software Cloud Foundry Elastic Runtime 1.6.3 Pivotal Software Cloud Foundry Elastic Runtime 1.6.4 Pivotal Software Cloud Foundry Elastic Runtime 1.6.5 Pivotal Software Cloud Foundry Elastic Runtime 1.6.6 Pivotal Software Cloud Foundry Elastic Runtime 1.6.7 Pivotal Software Cloud Foundry Elastic Runtime 1.6.8 Pivotal Software Cloud Foundry Elastic Runtime 1.6.9 Pivotal Software Cloud Foundry Elastic Runtime 1.6.10 Pivotal Software Cloud Foundry Elastic Runtime 1.6.11 Pivotal Software Cloud Foundry Elastic Runtime 1.6.12 Pivotal Software Cloud Foundry Elastic Runtime 1.6.13 Pivotal Software Cloud Foundry Elastic Runtime 1.6.14 Pivotal Software Cloud Foundry Elastic Runtime 1.6.15 Pivotal Software Cloud Foundry Elastic Runtime 1.6.16 Pivotal Software Cloud Foundry Elastic Runtime 1.6.17 Pivotal Software Cloud Foundry Elastic Runtime 1.6.18 Pivotal Software Cloud Foundry Elastic Runtime 1.6.19 Pivotal Software Cloud Foundry Elastic Runtime 1.6.20 Pivotal Software Cloud Foundry Elastic Runtime 1.6.21 Pivotal Software Cloud Foundry Elastic Runtime 1.6.22 Pivotal Software Cloud Foundry Elastic Runtime 1.6.23 Pivotal Software Cloud Foundry Elastic Runtime 1.6.24 Pivotal Software Cloud Foundry Elastic Runtime 1.6.25 Pivotal Software Cloud Foundry Elastic Runtime 1.6.26 Pivotal Software Cloud Foundry Elastic Runtime 1.6.27 Pivotal Software Cloud Foundry Elastic Runtime 1.6.28 Pivotal Software Cloud Foundry Elastic Runtime 1.6.29 Pivotal Software Cloud Foundry Elastic Runtime 1.6.30 Pivotal Software Cloud Foundry Elastic Runtime 1.6.31 Pivotal Software Cloud Foundry Elastic Runtime 1.6.32 Pivotal Software Cloud Foundry Elastic Runtime 1.6.33 Pivotal Software Cloud Foundry Elastic Runtime 1.6.34 Pivotal Software Cloud Foundry Elastic Runtime 1.6.35 Pivotal Software Cloud Foundry Elastic Runtime 1.6.36 Pivotal Software Cloud Foundry Elastic Runtime 1.6.37 Pivotal Software Cloud Foundry Elastic Runtime 1.6.38 Pivotal Software Cloud Foundry Elastic Runtime 1.6.39 Pivotal Software Cloud Foundry Elastic Runtime 1.6.40 Pivotal Software Cloud Foundry Elastic Runtime 1.6.41 Pivotal Software Cloud Foundry Elastic Runtime 1.6.42 Pivotal Software Cloud Foundry Elastic Runtime 1.6.43 Pivotal Software Cloud Foundry Elastic Runtime 1.6.44 Pivotal Software Cloud Foundry Elastic Runtime 1.6.45 Pivotal Software Cloud Foundry Elastic Runtime 1.6.46 Pivotal Software Cloud Foundry Elastic Runtime 1.6.47 Pivotal Software Cloud Foundry Elastic Runtime 1.6.48 Pivotal Software Cloud Foundry Elastic Runtime 1.6.49 Pivotal Software Cloud Foundry Elastic Runtime 1.6.50 Pivotal Software Cloud Foundry Elastic Runtime 1.6.51 Pivotal Software Cloud Foundry Elastic Runtime 1.6.52 Pivotal Software Cloud Foundry Elastic Runtime 1.6.53 Pivotal Software Cloud Foundry Elastic Runtime 1.6.54 Pivotal Software Cloud Foundry Elastic Runtime 1.6.55 Pivotal Software Cloud Foundry Elastic Runtime 1.6.56 Pivotal Software Cloud Foundry Elastic Runtime 1.6.57 Pivotal Software Cloud Foundry Elastic Runtime 1.6.58 Pivotal Software Cloud Foundry Elastic Runtime 1.6.59 Pivotal Software Cloud Foundry Elastic Runtime 1.6.60 Pivotal Software Cloud Foundry Elastic Runtime 1.6.61 Pivotal Software Cloud Foundry Elastic Runtime 1.6.62 Pivotal Software Cloud Foundry Elastic Runtime 1.6.63 Pivotal Software Cloud Foundry Elastic Runtime 1.6.64 Pivotal Software Cloud Foundry UAA 1.0.0 Pivotal Software Cloud Foundry UAA 1.0.1 Pivotal Software Cloud Foundry UAA 1.0.2 Pivotal Software Cloud Foundry UAA 1.0.3 Pivotal Software Cloud Foundry UAA 1.1 Pivotal Software Cloud Foundry UAA 1.1.1 Pivotal Software Cloud Foundry UAA 1.1.2 Pivotal Software Cloud Foundry UAA 1.2.0 Pivotal Software Cloud Foundry UAA 1.2.1 Pivotal Software Cloud Foundry UAA 1.2.2 Pivotal Software Cloud Foundry UAA 1.2.3 Pivotal Software Cloud Foundry UAA 1.2.4 Pivotal Software Cloud Foundry UAA 1.2.5 Pivotal Software Cloud Foundry UAA 1.2.6 Pivotal Software Cloud Foundry UAA 1.3.0 Pivotal Software Cloud Foundry UAA 1.3.1 Pivotal Software Cloud Foundry UAA 1.4.0 Pivotal Software Cloud Foundry UAA 1.4.1 Pivotal Software Cloud Foundry UAA 1.4.2 Pivotal Software Cloud Foundry UAA 1.4.3 Pivotal Software Cloud Foundry UAA 1.4.4 Pivotal Software Cloud Foundry UAA 1.4.5 Pivotal Software Cloud Foundry UAA 1.4.6 Pivotal Software Cloud Foundry UAA 1.4.7 Pivotal Software Cloud Foundry UAA 1.5.0 Pivotal Software Cloud Foundry UAA 1.5.1 Pivotal Software Cloud Foundry UAA 1.5.2 Pivotal Software Cloud Foundry UAA 1.5.2.1 Pivotal Software Cloud Foundry UAA 1.5.3 Pivotal Software Cloud Foundry UAA 1.5.4 Pivotal Software Cloud Foundry UAA 1.5.4.1 Pivotal Software Cloud Foundry UAA 1.6.0 Pivotal Software Cloud Foundry UAA 1.6.1 Pivotal Software Cloud Foundry UAA 1.6.2 Pivotal Software Cloud Foundry UAA 1.6.3 Pivotal Software Cloud Foundry UAA 1.6.4 Pivotal Software Cloud Foundry UAA 1.6.5 Pivotal Software Cloud Foundry UAA 1.7.0 Pivotal Software Cloud Foundry UAA 1.7.1 Pivotal Software Cloud Foundry UAA 1.7.2 Pivotal Software Cloud Foundry UAA 1.8.0 Pivotal Software Cloud Foundry UAA 1.8.1 Pivotal Software Cloud Foundry UAA 1.8.2 Pivotal Software Cloud Foundry UAA 1.8.3 Pivotal Software Cloud Foundry UAA 1.9.0 Pivotal Software Cloud Foundry UAA 1.9.1 Pivotal Software Cloud Foundry UAA 1.10 Pivotal Software Cloud Foundry UAA 1.11 Pivotal Software Cloud Foundry UAA 2.0.0 Pivotal Software Cloud Foundry UAA 2.0.1 Pivotal Software Cloud Foundry UAA 2.0.2 Pivotal Software Cloud Foundry UAA 2.0.3 Pivotal Software Cloud Foundry UAA 2.1.0 Pivotal Software Cloud Foundry UAA 2.2.0 Pivotal Software Cloud Foundry UAA 2.2.1 Pivotal Software Cloud Foundry UAA 2.2.2 Pivotal Software Cloud Foundry UAA 2.2.3 Pivotal Software Cloud Foundry UAA 2.2.4 Pivotal Software Cloud Foundry UAA 2.2.4.1 Pivotal Software Cloud Foundry UAA 2.2.5 Pivotal Software Cloud Foundry UAA 2.2.5.2 Pivotal Software Cloud Foundry UAA 2.2.5.3 Pivotal Software Cloud Foundry UAA 2.2.5.4 Pivotal Software Cloud Foundry UAA 2.2.6 Pivotal Software Cloud Foundry UAA 2.3.0 Pivotal Software Cloud Foundry UAA 2.3.1 Pivotal Software Cloud Foundry UAA 2.3.1.1 Pivotal Software Cloud Foundry UAA 2.4.0 Pivotal Software Cloud Foundry UAA 2.4.1 Pivotal Software Cloud Foundry UAA 2.5.0 Pivotal Software Cloud Foundry UAA 2.5.1	156

Common Weakness Enumeration (CWE)

CWE-613 - Insufficient Session Expiration

References

https://pivotal.io/security/cve-2015-5170-5173