
CVE-2017-4963

Published: 13/06/2017 Updated: 30/07/2019
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.1 | Impact Score: 5.9 | Exploitability Score: 2.2
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

An issue exists in Cloud Foundry Foundation Cloud Foundry release v252 and previous versions, UAA stand-alone release v2.0.0 - v2.7.4.12 & v3.0.0 - v3.11.0, and UAA bosh release v26 & earlier versions. UAA is vulnerable to session fixation when configured to authenticate against external SAML or OpenID Connect based identity providers.

Vulnerable Product

pivotal software cloud foundry uaa

pivotal software cloud foundry uaa-release

pivotal software cloud foundry cf-release
