PT-2017-2755 · Apache · Apache Ranger

Publicado

2017-06-14

Atualizado

2018-10-17

CVE-2017-7676

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Apache Ranger versions prior to 0.7.1

Description The policy resource matcher in Apache Ranger ignores characters after the '*' wildcard character, which can result in unintended behavior. This issue can be exploited by a remote attacker to cause undefined behavior in the program.

Recommendations For Apache Ranger versions prior to 0.7.1, update to version 0.7.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of the '*' wildcard character in policy resource matchers to minimize the risk of exploitation.

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

BDU:2017-02004

CVE-2017-7676

GHSA-758M-6G3Q-G3HH

Produtos afetados

Apache Ranger

PT-2017-2755 · Apache · Apache Ranger

CVE-2017-7676

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7