Server-Side Request Forgery Vulnerability in Apache Ambari
CVE-2015-1775

Currently unrated

Key Information:

Vendor: Apache
Status: Ambari
Vendor: CVE Published:; 2 November 2015

Summary

This vulnerability allows remote authenticated users to exploit the proxy endpoint in Apache Ambari, which can lead to unauthorized port scanning and access to unsecured services through a specifically crafted REST call. Attackers could leverage this security flaw to navigate the internal network and exploit weaknesses in exposed services.

References

https://cwiki.apache.org/confluence/display/AMBARI/Ambari...

x_refsource_CONFIRM

http://www.openwall.com/lists/oss-security/2015/10/13/2

mailing-listx_refsource_MLIST

Timeline

Vulnerability published
Nov 2, 2015
Vulnerability Reserved
Feb 17, 2015