CVE-2016-8752 - Vulnerability Details

Vendors	Products
Apache	Atlas

Link	Providers
https://lists.apache.org/thread.html/f7435d66b840daa2a38ad1329d639b70f5a9476e7580ae885d422e86%40%3Cdev.atlas.apache.org%3E

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "Apache Atlas", "vendor": "Apache Software Foundation", "versions": [{"status": "affected", "version": "0.6.0-incubating"}, {"status": "affected", "version": "0.7.0-incubating"}, {"status": "affected", "version": "0.7.1-incubating"}]}], "datePublic": "2017-05-23T00:00:00", "descriptions": [{"lang": "en", "value": "Apache Atlas versions 0.6.0 (incubating), 0.7.0 (incubating), and 0.7.1 (incubating) allow access to the webapp directory contents by pointing to URIs like /js and /img."}], "problemTypes": [{"descriptions": [{"description": "Information Disclosure", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-29T19:57:01", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache"}, "references": [{"name": "[dev] 20170523 CVE updates: fixes in Apache Atlas 0.8-incubating", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/f7435d66b840daa2a38ad1329d639b70f5a9476e7580ae885d422e86%40%3Cdev.atlas.apache.org%3E"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@apache.org", "DATE_PUBLIC": "2017-05-23T00:00:00", "ID": "CVE-2016-8752", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Apache Atlas", "version": {"version_data": [{"version_value": "0.6.0-incubating"}, {"version_value": "0.7.0-incubating"}, {"version_value": "0.7.1-incubating"}]}}]}, "vendor_name": "Apache Software Foundation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Apache Atlas versions 0.6.0 (incubating), 0.7.0 (incubating), and 0.7.1 (incubating) allow access to the webapp directory contents by pointing to URIs like /js and /img."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Information Disclosure"}]}]}, "references": {"reference_data": [{"name": "[dev] 20170523 CVE updates: fixes in Apache Atlas 0.8-incubating", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/f7435d66b840daa2a38ad1329d639b70f5a9476e7580ae885d422e86@%3Cdev.atlas.apache.org%3E"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T02:35:00.107Z"}, "title": "CVE Program Container", "references": [{"name": "[dev] 20170523 CVE updates: fixes in Apache Atlas 0.8-incubating", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/f7435d66b840daa2a38ad1329d639b70f5a9476e7580ae885d422e86%40%3Cdev.atlas.apache.org%3E"}]}]}, "cveMetadata": {"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2016-8752", "datePublished": "2017-08-29T20:00:00Z", "dateReserved": "2016-10-18T00:00:00", "dateUpdated": "2024-09-16T19:05:02.136Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : Apache Atlas (string)

vendor : Apache Software Foundation (string)

versions : [ »

0 : { »

status : affected (string)

version : 0.6.0-incubating (string)

}

1 : { »

status : affected (string)

version : 0.7.0-incubating (string)

}

2 : { »

status : affected (string)

version : 0.7.1-incubating (string)

}

]

}

]

datePublic : 2017-05-23T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : Apache Atlas versions 0.6.0 (incubating), 0.7.0 (incubating), and 0.7.1 (incubating) allow access to the webapp directory contents by pointing to URIs like /js and /img. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : Information Disclosure (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2017-08-29T19:57:01 (string)

orgId : f0158376-9dc2-43b6-827c-5f631a4d8d09 (string)

shortName : apache (string)

}

references : [ »

0 : { »

name : [dev] 20170523 CVE updates: fixes in Apache Atlas 0.8-incubating (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

]

url : https://lists.apache.org/thread.html/f7435d66b840daa2a38ad1329d639b70f5a9476e7580ae885d422e86%40%3Cdev.atlas.apache.org%3E (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : security@apache.org (string)

DATE_PUBLIC : 2017-05-23T00:00:00 (string)

ID : CVE-2016-8752 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : Apache Atlas (string)

version : { »

version_data : [ »

0 : { »

version_value : 0.6.0-incubating (string)

}

1 : { »

version_value : 0.7.0-incubating (string)

}

2 : { »

version_value : 0.7.1-incubating (string)

}

]

}

]

}

vendor_name : Apache Software Foundation (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : Apache Atlas versions 0.6.0 (incubating), 0.7.0 (incubating), and 0.7.1 (incubating) allow access to the webapp directory contents by pointing to URIs like /js and /img. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : Information Disclosure (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : [dev] 20170523 CVE updates: fixes in Apache Atlas 0.8-incubating (string)

refsource : MLIST (string)

url : https://lists.apache.org/thread.html/f7435d66b840daa2a38ad1329d639b70f5a9476e7580ae885d422e86@%3Cdev.atlas.apache.org%3E (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-06T02:35:00.107Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

name : [dev] 20170523 CVE updates: fixes in Apache Atlas 0.8-incubating (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

2 : x_transferred (string)

]

url : https://lists.apache.org/thread.html/f7435d66b840daa2a38ad1329d639b70f5a9476e7580ae885d422e86%40%3Cdev.atlas.apache.org%3E (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : f0158376-9dc2-43b6-827c-5f631a4d8d09 (string)

assignerShortName : apache (string)

cveId : CVE-2016-8752 (string)

datePublished : 2017-08-29T20:00:00Z (string)

dateReserved : 2016-10-18T00:00:00 (string)

dateUpdated : 2024-09-16T19:05:02.136Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:atlas:0.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2A29E849-5092-496D-9D46-ABEAEEDE9129", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:atlas:0.6.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "3562FE93-F83F-46A0-B5CC-E366D3A85D0E", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:atlas:0.6.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "D6A04ED5-6C1D-47DC-A7DE-A402DA828C9F", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:atlas:0.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "9064A625-AA0A-4606-9DB1-98D5015C648F", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:atlas:0.7.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "6CACA970-3D32-47E8-87AD-7C618EBA8096", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:atlas:0.7.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "B73379D5-9AB4-42A4-B242-D3E6DC553BBB", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:atlas:0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "29E5504B-DFD9-4C5F-8E01-5A6FEC0735C9", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:atlas:0.7.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "0F5B8F23-E25E-4BB6-994F-53DAED2CBA6A", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:atlas:0.7.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "0AE475B1-5C9B-453A-AFFC-6F2E047D9AC1", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:atlas:0.7.1:rc3:*:*:*:*:*:*", "matchCriteriaId": "9D5C8FAC-515F-414E-ABFE-8EAF0A212965", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Apache Atlas versions 0.6.0 (incubating), 0.7.0 (incubating), and 0.7.1 (incubating) allow access to the webapp directory contents by pointing to URIs like /js and /img."}, {"lang": "es", "value": "Apache Atlas en sus versiones 0.6.0 (incubating), 0.7.0 (incubating), y 0.7.1 (incubating) permite el acceso al contenido del directorio webapp se\u00f1alando a URI como /js e /img."}], "id": "CVE-2016-8752", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-08-29T20:29:00.437", "references": [{"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/f7435d66b840daa2a38ad1329d639b70f5a9476e7580ae885d422e86%40%3Cdev.atlas.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/f7435d66b840daa2a38ad1329d639b70f5a9476e7580ae885d422e86%40%3Cdev.atlas.apache.org%3E"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:apache:atlas:0.6.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 2A29E849-5092-496D-9D46-ABEAEEDE9129 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:apache:atlas:0.6.0:rc1:*:*:*:*:*:* (string)

matchCriteriaId : 3562FE93-F83F-46A0-B5CC-E366D3A85D0E (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:apache:atlas:0.6.0:rc2:*:*:*:*:*:* (string)

matchCriteriaId : D6A04ED5-6C1D-47DC-A7DE-A402DA828C9F (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:apache:atlas:0.7.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 9064A625-AA0A-4606-9DB1-98D5015C648F (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:apache:atlas:0.7.0:rc1:*:*:*:*:*:* (string)

matchCriteriaId : 6CACA970-3D32-47E8-87AD-7C618EBA8096 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:apache:atlas:0.7.0:rc2:*:*:*:*:*:* (string)

matchCriteriaId : B73379D5-9AB4-42A4-B242-D3E6DC553BBB (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:apache:atlas:0.7.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 29E5504B-DFD9-4C5F-8E01-5A6FEC0735C9 (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:apache:atlas:0.7.1:rc1:*:*:*:*:*:* (string)

matchCriteriaId : 0F5B8F23-E25E-4BB6-994F-53DAED2CBA6A (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:a:apache:atlas:0.7.1:rc2:*:*:*:*:*:* (string)

matchCriteriaId : 0AE475B1-5C9B-453A-AFFC-6F2E047D9AC1 (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:a:apache:atlas:0.7.1:rc3:*:*:*:*:*:* (string)

matchCriteriaId : 9D5C8FAC-515F-414E-ABFE-8EAF0A212965 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : Apache Atlas versions 0.6.0 (incubating), 0.7.0 (incubating), and 0.7.1 (incubating) allow access to the webapp directory contents by pointing to URIs like /js and /img. (string)

}

1 : { »

lang : es (string)

value : Apache Atlas en sus versiones 0.6.0 (incubating), 0.7.0 (incubating), y 0.7.1 (incubating) permite el acceso al contenido del directorio webapp señalando a URI como /js e /img. (string)

}

]

id : CVE-2016-8752 (string)

lastModified : 2025-04-20T01:37:25.860 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : true (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : NONE (string)

baseScore : 5 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : NONE (string)

vectorString : AV:N/AC:L/Au:N/C:P/I:N/A:N (string)

version : 2.0 (string)

}

exploitabilityScore : 10 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV30 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 7.5 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : NONE (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N (string)

version : 3.0 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 3.6 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2017-08-29T20:29:00.437 (string)

references : [ »

0 : { »

source : security@apache.org (string)

url : https://lists.apache.org/thread.html/f7435d66b840daa2a38ad1329d639b70f5a9476e7580ae885d422e86%40%3Cdev.atlas.apache.org%3E (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://lists.apache.org/thread.html/f7435d66b840daa2a38ad1329d639b70f5a9476e7580ae885d422e86%40%3Cdev.atlas.apache.org%3E (string)

}

]

sourceIdentifier : security@apache.org (string)

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-284 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object