CVE-2015-1775 — Server-Side Request Forgery in Apache Ambari

CWE-918 — Server-Side Request Forgery6 documents5 sources

Severity

5.5MEDIUMNVD

EPSS

0.2%

top 52.22%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Ambari

Timeline

PublishedNov 2

Latest updateMay 17

Description

Server-side request forgery (SSRF) vulnerability in the proxy endpoint (api/v1/proxy) in Apache Ambari before 2.1.0 allows remote authenticated users to conduct port scans and access unsecured services via a crafted REST call.

CVSS vector

AV:N/AC:L/C:P/I:P/A:NExploitability: 8.0 | Impact: 4.9

Affected Packages1 packages

▶NVDapache/ambari8 versions+7

🔴Vulnerability Details

GHSA

Apache Ambari SSRF Vulnerability↗2022-05-17

▶

OSV

Apache Ambari SSRF Vulnerability↗2022-05-17

▶

CVEList

CVE-2015-1775: Server-side request forgery (SSRF) vulnerability in the proxy endpoint (api/v1/proxy) in Apache Ambari before 2↗2015-11-02

▶

💬Community

Bugzilla

CVE-2015-5210 CVE-2015-3186 CVE-2015-3270 CVE-2015-1775 Apache Ambari: multiple flaws fixed in 2.1.2↗2015-10-19

▶

Bugzilla

CVE-2015-3186 CVE-2015-3270 CVE-2015-5210 CVE-2015-1775 Apache Ambari: multiple flaws fixed in 2.1.2 [fedora-all]↗2015-10-19

▶