oss-sec mailing list archives

CVE updates: fixes in Apache Atlas 0.8-incubating


From: Madhan Neethiraj <madhan () apache org>
Date: Tue, 23 May 2017 15:16:46 -0700

All,

Please see below the details of CVE updates for Apache Atlas 0.8-incubating release. My apologies for the delay in sending this update.

Thanks,

Madhan

-------------------------------------------------------------------------------------------------------

CVE-2016-8752: Atlas web server allows user to browse webapp directory

Severity: Normal

Vendor: The Apache Software Foundation

Versions Affected: 0.6.0 or 0.7.0 or 0.7.1 versions of Apache Atlas

Users affected: All users of Apache Atlas server

Description: Atlas users can access the webapp directory contents by pointing to URIs like /js, /img

Fix detail: Atlas was updated to prevent browsing of webapp directory contents

Mitigation: Users should upgrade to Apache Atlas 0.8-incubating or later version

-------------------------------------------------------------------------------------------------------
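
A post-upgrade check for the behaviour described in the advisory above, as an added example that is not part of the original post or of Apache Atlas: it classifies responses for the /js and /img URIs as auto-generated directory listings or not. The listing heuristics, the sample responses (constructed, including the assumed error statuses after the fix) and the host placeholder are assumptions.

```python
import re
import urllib.error
import urllib.request

ADVISORY_PATHS = ["/js", "/img"]  # URIs named in the advisory
LISTING_TITLE = re.compile(r"<title>\s*(index of|directory)\b", re.I)  # assumed listing titles
HREF = re.compile(r'<a\s[^>]*href="([^"#?]+)"', re.I)

def looks_like_listing(status, content_type, body):
    """Heuristic: True when a response appears to be an auto-generated directory index."""
    if status != 200 or "html" not in content_type.lower():
        return False
    hrefs = HREF.findall(body)
    has_parent = any(h in ("../", "..") for h in hrefs)  # parent-directory link
    relative = [h for h in hrefs if not h.startswith(("http:", "https:", "//"))]
    return bool(LISTING_TITLE.search(body)) or (has_parent and len(relative) >= 2)

def fetch(base_url, path, timeout=5):
    """Fetch base_url + path from a server you operate; return (status, content_type, body)."""
    url = base_url.rstrip("/") + path
    try:
        with urllib.request.urlopen(url, timeout=timeout) as r:
            return r.status, r.headers.get("Content-Type", ""), r.read(65536).decode("utf-8", "replace")
    except urllib.error.HTTPError as e:
        return e.code, e.headers.get("Content-Type", ""), ""

def audit(responses):
    """Map each path to True (directory listing exposed) or False."""
    return {path: looks_like_listing(*resp) for path, resp in responses.items()}

# Constructed sample responses, not captured from a real Atlas server.
SAMPLE_BEFORE = {
    "/js": (200, "text/html", '<html><head><title>Directory: /js/</title></head><body>'
            '<a href="../">Parent</a><a href="main.js">main.js</a></body></html>'),
    "/img": (200, "text/html;charset=utf-8", '<html><body><a href="../">..</a>'
             '<a href="logo.png">logo.png</a></body></html>'),
}
SAMPLE_AFTER = {  # assumed: the fixed server answers with an error instead of a listing
    "/js": (403, "text/html", "<html><title>Error 403</title></html>"),
    "/img": (404, "text/html", "<html><title>Error 404</title></html>"),
}

if __name__ == "__main__":
    print("before upgrade:", audit(SAMPLE_BEFORE))
    print("after upgrade: ", audit(SAMPLE_AFTER))
    # Live check (placeholder host):
    # audit({p: fetch("https://atlas.example.internal", p) for p in ADVISORY_PATHS})
```
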

 

