CVE-2016-8752

EUVD-2017-0005
Apache Atlas versions 0.6.0 (incubating), 0.7.0 (incubating), and 0.7.1 (incubating) allow access to the webapp directory contents by pointing to URIs like /js and /img.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 76%
Affected Products (NVD)
VendorProductVersion
apacheatlas
0.6.0
apacheatlas
0.6.0:rc1
apacheatlas
0.6.0:rc2
apacheatlas
0.7.0
apacheatlas
0.7.0:rc1
apacheatlas
0.7.0:rc2
apacheatlas
0.7.1
apacheatlas
0.7.1:rc1
apacheatlas
0.7.1:rc2
apacheatlas
0.7.1:rc3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://lists.apache.org/thread.html/f7435d66b840daa2a38ad1329d639b70f5a9476e7580ae885d422e86%40%3Cdev.atlas.apache.org%3E
https://lists.apache.org/thread.html/f7435d66b840daa2a38ad1329d639b70f5a9476e7580ae885d422e86%40%3Cdev.atlas.apache.org%3E