Apache Ranger SQL Injection Vulnerability Fixed by 0.5.3


Description   An SQL injection vulnerability was reported in Apache Ranger. A remote attacker could exploit it by sending crafted URLs that include SQL statements in order to view, modify or delete entries in some database tables. The vulnerability is located in the "Apache > Access" tab, via the "eventTime" parameter.
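The flaw described above is the classic pattern of a request parameter (here "eventTime") being concatenated into SQL text instead of being bound as a value. The following is an added illustration, not Apache Ranger's own code: it uses a constructed, hypothetical access-audit table in an in-memory SQLite database, shows the vulnerable concatenation beside the parameterized fix, and adds an input validator as defence in depth. Table, column and function names are assumptions for the demo.

```python
import datetime
import sqlite3

# Constructed sample audit rows for a hypothetical table (not Ranger's real schema).
SAMPLE_ROWS = [
    ("2016-05-01 10:00:00", "alice", "/data/public", "allowed"),
    ("2016-05-01 11:30:00", "bob", "/data/hr", "denied"),
    ("2016-05-02 09:15:00", "carol", "/data/finance", "allowed"),
]


def make_db():
    """Build an in-memory database holding the constructed audit table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE access_audit ("
        "event_time TEXT, principal TEXT, resource TEXT, result TEXT)"
    )
    conn.executemany("INSERT INTO access_audit VALUES (?, ?, ?, ?)", SAMPLE_ROWS)
    return conn


def events_vulnerable(conn, event_time):
    """Vulnerable pattern: the request value is spliced into the SQL string, so
    whatever the client sends is parsed as SQL, not treated as a timestamp."""
    sql = ("SELECT principal, resource FROM access_audit "
           "WHERE event_time = '" + event_time + "'")
    return conn.execute(sql).fetchall()


def events_parameterized(conn, event_time):
    """Fixed pattern: a bound parameter. The driver passes the value as data,
    so quotes or keywords inside it never change the query's structure."""
    sql = "SELECT principal, resource FROM access_audit WHERE event_time = ?"
    return conn.execute(sql, (event_time,)).fetchall()


def is_valid_event_time(value):
    """Defence in depth: accept only a strict timestamp before the value
    reaches any query. Anything else is rejected at the edge."""
    try:
        datetime.datetime.strptime(value, "%Y-%m-%d %H:%M:%S")
    except ValueError:
        return False
    return True


def events_hardened(conn, event_time):
    """Validation plus parameterization: reject malformed input, then bind."""
    if not is_valid_event_time(event_time):
        raise ValueError("eventTime must be 'YYYY-MM-DD HH:MM:SS'")
    return events_parameterized(conn, event_time)


if __name__ == "__main__":
    # A filter value that contains SQL rather than a timestamp (constructed).
    tainted = "x' OR '1'='1"
    db = make_db()
    print("vulnerable   :", events_vulnerable(db, tainted))      # every row leaks
    print("parameterized:", events_parameterized(db, tainted))   # no row matches
    print("valid input? :", is_valid_event_time(tainted))        # False
    print("hardened     :", events_hardened(db, "2016-05-01 11:30:00"))
```

The vulnerable function returns the whole table for the tainted value because the concatenated text becomes `WHERE event_time = 'x' OR '1'='1'`; the parameterized version returns nothing because the same string is compared literally, and the validator rejects it outright. Tightening input validation alone is not the fix; binding the parameter is what removes the injection, and validation narrows the attack surface further.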
     
Vulnerable Products   Vulnerable Software:
Ranger (Apache Software Foundation) - 0.5.0, 0.5.1, 0.5.2
     
Solution   Apache has released version 0.5.3 of Ranger which fixes this vulnerability.
     
CVE   CVE-2016-2174
     
References   - oss-sec : CVE update (CVE-2016-2174) - Fixed in Ranger 0.5.3
http://seclists.org/oss-sec/2016/q2/446
- Apache : Apache Ranger 0.5.3 - Release Notes
https://cwiki.apache.org/confluence/display/RANGER/Apache+Ranger+0.5.3+-+Release+Notes
     
Vulnerability Manager Detection   No
     
IPS Protection
ASQ Engine alarm                                                            Available Since
SQL injection Prevention - POST : suspicious UPDATE statement in data       5.0.0
SQL injection Prevention - POST : suspicious SELECT statement in data       5.0.0
SQL injection Prevention - POST : suspicious DECLARE statement in data      5.0.0
SQL injection Prevention - POST : suspicious OPENROWSET statement in data   5.0.0
SQL injection Prevention - POST : suspicious OPENQUERY statement in data    5.0.0
SQL injection Prevention - POST : suspicious CAST statement in data         5.0.0
SQL injection Prevention - POST : suspicious EXEC statement in data         5.0.0
SQL injection Prevention - POST : suspicious CREATE statement in data       5.0.0
SQL injection Prevention - POST : suspicious INSERT statement in data       5.0.0
SQL injection Prevention - POST : suspicious DROP statement in data         5.0.0
SQL injection Prevention - POST : suspicious HAVING statement in data       5.0.0
SQL injection Prevention - POST : suspicious UNION statement in data        5.0.0
SQL injection Prevention - POST : suspicious OR statement in data           5.0.0
SQL injection Prevention - POST : possible version probing in data          5.0.0

Risk level   Moderate

Vulnerability First Public Report Date   2016-06-01

Target Type   Server

Possible exploit   Remote