Description
Several vulnerabilities were reported in the policy admin tool of Apache Ranger:
- CVE-2015-0265: cross-site scripting. A remote attacker could exploit it by enticing their victim into following a specially crafted link in order to execute arbitrary HTML/JavaScript code. This vulnerability is located in the HTTP User-Agent header.
- CVE-2015-0266: security bypass. An authenticated remote attacker could exploit it via specific URLs in order to access modules.
Vulnerable Products
Vulnerable Software: Ranger (Apache Software Foundation) -
Solution
Apache has released version 0.5.0 of Ranger which fixes these vulnerabilities.
CVE
CVE-2015-0266
CVE-2015-0265
References
- Ranger : CVEs fixed in Ranger 0.5
https://mail-archives.apache.org/mod_mbox/ranger-dev/201508.mbox/%3CD1E7EC30.9D53F%25vel@apache.org%3E
Vulnerability Manager Detection
No