CVE-2015-1775

EUVD-2022-3368
Server-side request forgery (SSRF) vulnerability in the proxy endpoint (api/v1/proxy) in Apache Ambari before 2.1.0 allows remote authenticated users to conduct port scans and access unsecured services via a crafted REST call.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:P/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 47%
Affected Products (NVD)
VendorProductVersion
apacheambari
1.5.0
apacheambari
1.5.1
apacheambari
1.6.0
apacheambari
1.6.1
apacheambari
1.7.0
apacheambari
2.0.0
apacheambari
2.0.1
apacheambari
2.0.2
𝑥
= Vulnerable software versions
References
http://www.openwall.com/lists/oss-security/2015/10/13/2
https://cwiki.apache.org/confluence/display/AMBARI/Ambari+Vulnerabilities
http://www.openwall.com/lists/oss-security/2015/10/13/2
https://cwiki.apache.org/confluence/display/AMBARI/Ambari+Vulnerabilities