PT-2018-18373 · Apache · Apache Ambari
Publicado
2018-05-03
·
Atualizado
2018-06-13
·
CVE-2018-8003
CVSS v3.1
5.3
Média
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
Apache Ambari versions 1.4.0 to 2.6.1
Description:
The issue allows an unauthenticated user to perform a directory traversal attack, granting read-only access to any file on the host's filesystem that is accessible by the user running the Ambari Server. This requires direct network access to the Ambari Server. Servers protected by a firewall or in a restricted network zone are at lower risk.
Recommendations:
For Apache Ambari versions 1.4.0 to 2.6.1, restrict direct network access to the Ambari Server, and consider placing it behind a firewall or in a restricted network zone to minimize the risk of exploitation.
Correção
Path traversal
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Apache Ambari