PT-2017-2755 · Apache · Apache Ranger

Published

2017-06-14

Updated

2018-10-17

CVE-2017-7676

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Apache Ranger versions prior to 0.7.1

Description The policy resource matcher in Apache Ranger ignores characters after the '*' wildcard character, which can result in unintended behavior. This issue can be exploited by a remote attacker to cause undefined behavior in the program.

Recommendations For Apache Ranger versions prior to 0.7.1, update to version 0.7.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of the '*' wildcard character in policy resource matchers to minimize the risk of exploitation.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

BDU:2017-02004

CVE-2017-7676

GHSA-758M-6G3Q-G3HH

Affected Products

Apache Ranger

PT-2017-2755 · Apache · Apache Ranger

CVE-2017-7676

Weakness Enumeration

Related Identifiers

Affected Products

References · 7