What is the severity of CVE-2015-1775?

CVE-2015-1775 is classified as a high severity vulnerability due to its potential to allow unauthorized access to sensitive services.

How do I fix CVE-2015-1775?

To fix CVE-2015-1775, upgrade Apache Ambari to version 2.1.0 or later.

What type of vulnerability is CVE-2015-1775?

CVE-2015-1775 is a server-side request forgery (SSRF) vulnerability.

Which versions of Apache Ambari are affected by CVE-2015-1775?

Apache Ambari versions 1.5.0 through 2.0.2 are affected by CVE-2015-1775.

Who can exploit CVE-2015-1775?

CVE-2015-1775 can be exploited by remote authenticated users through crafted REST calls.

Vulnerability/
CVE-2015-1775

medium

5.5

CWE

918

2/11/2015

17/5/2022

13/8/2023

CVE-2015-1775: SSRF

First published: Mon Nov 02 2015(Updated: )

Server-side request forgery (SSRF) vulnerability in the proxy endpoint (api/v1/proxy) in Apache Ambari before 2.1.0 allows remote authenticated users to conduct port scans and access unsecured services via a crafted REST call.

Credit: secalert@redhat.com secalert@redhat.com

Affected Software	Affected Version	How to fix
Apache Ambari	=1.5.0
Apache Ambari	=1.5.1
Apache Ambari	=1.6.0
Apache Ambari	=1.6.1
Apache Ambari	=1.7.0
Apache Ambari	=2.0.0
Apache Ambari	=2.0.1
Apache Ambari	=2.0.2
maven/org.apache.ambari:ambari	>=1.5.0<2.1.0	2.1.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2015-1775?
CVE-2015-1775 is classified as a high severity vulnerability due to its potential to allow unauthorized access to sensitive services.
How do I fix CVE-2015-1775?
To fix CVE-2015-1775, upgrade Apache Ambari to version 2.1.0 or later.
What type of vulnerability is CVE-2015-1775?
CVE-2015-1775 is a server-side request forgery (SSRF) vulnerability.
Which versions of Apache Ambari are affected by CVE-2015-1775?
Apache Ambari versions 1.5.0 through 2.0.2 are affected by CVE-2015-1775.
Who can exploit CVE-2015-1775?
CVE-2015-1775 can be exploited by remote authenticated users through crafted REST calls.

collector/nvd-cve
collector/nvd-index
collector/github-advisory
alias/GHSA-9g2j-5685-h44h
alias/CVE-2015-1775
collector/github-advisory-latest
agent/author
agent/description
agent/event
agent/first-publish-date
agent/last-modified-date
agent/references
agent/severity
agent/softwarecombine
agent/tags
agent/type
agent/weakness
vendor/apache
canonical/apache ambari
version/apache ambari/1.5.0
version/apache ambari/1.5.1
version/apache ambari/1.6.0
version/apache ambari/1.6.1
version/apache ambari/1.7.0
version/apache ambari/2.0.0
version/apache ambari/2.0.1
version/apache ambari/2.0.2
package-manager/maven

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.