漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Apache Ambari: XML External Entity (XXE) Vulnerability in Ambari/Oozie
Vulnerability Description
An XML External Entity (XXE) vulnerability exists in the Ambari/Oozie project, allowing an attacker to inject malicious XML entities. This vulnerability occurs due to insecure parsing of XML input using the `DocumentBuilderFactory` class without disabling external entity resolution. An attacker can exploit this vulnerability to read arbitrary files on the server or perform server-side request forgery (SSRF) attacks. The issue has been fixed in both Ambari 2.7.9 and the trunk branch.
CVSS Information
N/A
Vulnerability Type
XML外部实体引用的不恰当限制(XXE)
Vulnerability Title
Apache Ambari 代码问题漏洞
Vulnerability Description
Apache Ambari是美国阿帕奇(Apache)基金会的一个应用软件。提供开发用于配置,管理和监视Apache Hadoop集群的软件来简化Hadoop管理。 Apache Ambari 2.7.9之前版本存在代码问题漏洞,该漏洞源于允许攻击者注入恶意 XML 实体,攻击者可以读取服务器上的任意文件或执行服务端请求伪造攻击。
CVSS Information
N/A
Vulnerability Type
N/A