CVE-2017-15712 - NVD | ByteOS Network

NVD Vulnerability Details :

CVE-2017-15712

Modified

More Info Official Page

Source-security@apache.org

Published At-19 Feb, 2018 | 14:29

Updated At-07 Nov, 2023 | 02:40

Vulnerability allows a user of Apache Oozie 3.1.3-incubating to 4.3.0 and 5.0.0-beta1 to expose private files on the Oozie server process. The malicious user can construct a workflow XML file containing XML directives and configuration that reference sensitive files on the Oozie server host.

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.0	6.5	MEDIUM	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary	2.0	6.8	MEDIUM	AV:N/AC:L/Au:S/C:C/I:N/A:N

CPE Matches

The Apache Software Foundation

>>oozie>>3.1.2

cpe:2.3:a:apache:oozie:3.1.2:*:*:*:*:*:*:*

The Apache Software Foundation

>>oozie>>3.1.3

cpe:2.3:a:apache:oozie:3.1.3:*:*:*:*:*:*:*

The Apache Software Foundation

>>oozie>>3.2

cpe:2.3:a:apache:oozie:3.2:*:*:*:*:*:*:*

The Apache Software Foundation

>>oozie>>3.2.0

cpe:2.3:a:apache:oozie:3.2.0:*:*:*:*:*:*:*

The Apache Software Foundation

>>oozie>>3.2.0

cpe:2.3:a:apache:oozie:3.2.0:incubating:*:*:*:*:*:*

The Apache Software Foundation

>>oozie>>3.3.0

cpe:2.3:a:apache:oozie:3.3.0:*:*:*:*:*:*:*

The Apache Software Foundation

>>oozie>>3.3.0

cpe:2.3:a:apache:oozie:3.3.0:rc0:*:*:*:*:*:*

The Apache Software Foundation

>>oozie>>3.3.0

cpe:2.3:a:apache:oozie:3.3.0:rc1:*:*:*:*:*:*

The Apache Software Foundation

>>oozie>>3.3.1

cpe:2.3:a:apache:oozie:3.3.1:*:*:*:*:*:*:*

The Apache Software Foundation

>>oozie>>3.3.1

cpe:2.3:a:apache:oozie:3.3.1:rc0:*:*:*:*:*:*

The Apache Software Foundation

>>oozie>>3.3.1

cpe:2.3:a:apache:oozie:3.3.1:rc1:*:*:*:*:*:*

The Apache Software Foundation

>>oozie>>3.3.2

cpe:2.3:a:apache:oozie:3.3.2:*:*:*:*:*:*:*

The Apache Software Foundation

>>oozie>>3.3.2

cpe:2.3:a:apache:oozie:3.3.2:rc0:*:*:*:*:*:*

The Apache Software Foundation

>>oozie>>4.0.0

cpe:2.3:a:apache:oozie:4.0.0:*:*:*:*:*:*:*

The Apache Software Foundation

>>oozie>>4.0.0

cpe:2.3:a:apache:oozie:4.0.0:rc0:*:*:*:*:*:*

The Apache Software Foundation

>>oozie>>4.0.0

cpe:2.3:a:apache:oozie:4.0.0:rc1:*:*:*:*:*:*

The Apache Software Foundation

>>oozie>>4.0.0

cpe:2.3:a:apache:oozie:4.0.0:rc3:*:*:*:*:*:*

The Apache Software Foundation

>>oozie>>4.0.1

cpe:2.3:a:apache:oozie:4.0.1:*:*:*:*:*:*:*

The Apache Software Foundation

>>oozie>>4.0.1

cpe:2.3:a:apache:oozie:4.0.1:rc0:*:*:*:*:*:*

The Apache Software Foundation

>>oozie>>4.0.1

cpe:2.3:a:apache:oozie:4.0.1:rc1:*:*:*:*:*:*

The Apache Software Foundation

>>oozie>>4.1.0

cpe:2.3:a:apache:oozie:4.1.0:*:*:*:*:*:*:*

The Apache Software Foundation

>>oozie>>4.1.0

cpe:2.3:a:apache:oozie:4.1.0:rc0:*:*:*:*:*:*

The Apache Software Foundation

>>oozie>>4.1.0

cpe:2.3:a:apache:oozie:4.1.0:rc1:*:*:*:*:*:*

The Apache Software Foundation

>>oozie>>4.2.0

cpe:2.3:a:apache:oozie:4.2.0:*:*:*:*:*:*:*

The Apache Software Foundation

>>oozie>>4.2.0

cpe:2.3:a:apache:oozie:4.2.0:rc0:*:*:*:*:*:*

The Apache Software Foundation

>>oozie>>4.3.0

cpe:2.3:a:apache:oozie:4.3.0:*:*:*:*:*:*:*

The Apache Software Foundation

>>oozie>>4.3.0

cpe:2.3:a:apache:oozie:4.3.0:rc0:*:*:*:*:*:*

The Apache Software Foundation

>>oozie>>4.3.0

cpe:2.3:a:apache:oozie:4.3.0:rc1:*:*:*:*:*:*

The Apache Software Foundation

>>oozie>>5.0.0

cpe:2.3:a:apache:oozie:5.0.0:beta1:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-22	Primary	nvd@nist.gov

References

Hyperlink	Source	Resource
http://www.securityfocus.com/bid/103102	security@apache.org	Third Party Advisory VDB Entry
https://lists.apache.org/thread.html/4606709264fe7cb0285e2a12aca2d01a06b14cd58791c9fc32abd216%40%3Cdev.oozie.apache.org%3E	security@apache.org	N/A