oss-sec mailing list archives
CVE updates: fixes in Apache Atlas 0.7.1-incubating
From: Madhan Neethiraj <madhan () apache org>
Date: Sun, 07 May 2017 19:45:57 -0700
All,

Please see below the details of CVE updates for Apache Atlas 0.7.1-incubating release. My apologies for the delay in sending this update.

Thanks,
Madhan

-------------------------------------------------------------------------------------------------------
CVE-2017-3150: Use of insecure cookies
Severity: Normal
Vendor: The Apache Software Foundation
Versions Affected: 0.6.0 or 0.7.0 versions of Apache Atlas
Users affected: All users of Apache Atlas server
Description: Atlas uses cookies that could be accessible to client-side script
Fix detail: Atlas was updated to make the cookies unavailable to client-side scripts
Mitigation: Users should upgrade to Apache Atlas 0.7.1-incubating or later version
-------------------------------------------------------------------------------------------------------
CVE-2017-3151: Persistent XSS vulnerability
Severity: Normal
Vendor: The Apache Software Foundation
Versions Affected: 0.6.0 or 0.7.0 versions of Apache Atlas
Users affected: All users of Apache Atlas server
Description: Atlas was found vulnerable to a Stored Cross-Site Scripting in the edit-tag functionality
Fix detail: Atlas was updated to sanitize the user input
Mitigation: Users should upgrade to Apache Atlas 0.7.1-incubating or later version
-------------------------------------------------------------------------------------------------------
CVE-2017-3152: DOM XSS threat
Severity: Normal
Vendor: The Apache Software Foundation
Versions Affected: 0.6.0 or 0.7.0 versions of Apache Atlas
Users affected: All users of Apache Atlas server
Description: Atlas was found vulnerable to a DOM XSS in the edit-tag functionality
Fix detail: Atlas was updated to sanitize the query parameters
Mitigation: Users should upgrade to Apache Atlas 0.7.1-incubating or later version
-------------------------------------------------------------------------------------------------------
CVE-2017-3153: Reflected XSS vulnerability
Severity: Normal
Vendor: The Apache Software Foundation
Versions Affected: 0.6.0 or 0.7.0 versions of Apache Atlas
Users affected: All users of Apache Atlas server
Description: Atlas was found vulnerable to a Reflected XSS in the search functionality
Fix detail: Atlas was updated to sanitize the query parameters
Mitigation: Users should upgrade to Apache Atlas 0.7.1-incubating or later version
-------------------------------------------------------------------------------------------------------
CVE-2017-3154: Stack trace in error response
Severity: Normal
Vendor: The Apache Software Foundation
Versions Affected: 0.6.0 or 0.7.0 versions of Apache Atlas
Users affected: All users of Apache Atlas server
Description: Error response from Atlas server included stack trace, exposing excessive information
Fix detail: Atlas was updated to not include stack trace in error responses
Mitigation: Users should upgrade to Apache Atlas 0.7.1-incubating or later version
-------------------------------------------------------------------------------------------------------
CVE-2017-3155: XFS - cross frame scripting vulnerability
Severity: Normal
Vendor: The Apache Software Foundation
Versions Affected: 0.6.0 or 0.7.0 versions of Apache Atlas
Users affected: All users of Apache Atlas server
Description: Atlas was found vulnerable to a cross frame scripting
Fix detail: Atlas was updated to use appropriate headers to prevent this vulnerability
Mitigation: Users should upgrade to Apache Atlas 0.7.1-incubating or later version
-------------------------------------------------------------------------------------------------------
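
A post-upgrade check for three of the fixes listed above (CVE-2017-3150, CVE-2017-3154, CVE-2017-3155), as an added example that is not part of the original message and not Atlas code. It assumes the cookie fix corresponds to the `HttpOnly` attribute and that the framing fix is `X-Frame-Options` or CSP `frame-ancestors` (the advisory does not name the headers); the `audit` function, the cookie name and both sample responses are constructed for illustration.

```python
import re

# Constructed sample responses (not captured from a real Atlas server).
BEFORE = (
    "HTTP/1.1 500 Internal Server Error\r\n"
    "Set-Cookie: SESSIONID=abc123; Path=/\r\n"
    "Content-Type: text/plain\r\n"
    "\r\n"
    "java.lang.NullPointerException\n"
    "\tat org.example.Handler.handle(Handler.java:42)\n"
)
AFTER = (
    "HTTP/1.1 500 Internal Server Error\r\n"
    "Set-Cookie: SESSIONID=abc123; Path=/; HttpOnly\r\n"
    "X-Frame-Options: DENY\r\n"
    "Content-Type: application/json\r\n"
    "\r\n"
    '{"error": "Internal error"}\n'
)

# One Java stack frame, e.g. "at pkg.Class.method(File.java:123)".
STACK_FRAME = re.compile(r"^\s*at\s+[\w.$<>]+\([\w.$ ]*(?::\d+)?\)", re.M)

def audit(raw):
    """Return a sorted list of findings for one raw HTTP response."""
    head, _, body = raw.partition("\r\n\r\n")
    headers = {}
    for line in head.split("\r\n")[1:]:            # skip the status line
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    findings = []
    # CVE-2017-3150: every cookie should be hidden from client-side script.
    for cookie in headers.get("set-cookie", []):
        attrs = [a.strip().lower() for a in cookie.split(";")[1:]]
        if "httponly" not in attrs:
            name = cookie.split("=", 1)[0].strip()
            findings.append(f"cookie {name} lacks HttpOnly")
    # CVE-2017-3155: some header must restrict who may frame the page.
    xfo = [v.upper() for v in headers.get("x-frame-options", [])]
    csp = " ".join(headers.get("content-security-policy", [])).lower()
    framing_ok = any(v in ("DENY", "SAMEORIGIN") for v in xfo)
    if not framing_ok and "frame-ancestors" not in csp:
        findings.append("no framing restriction header")
    # CVE-2017-3154: error bodies should not carry stack frames.
    if STACK_FRAME.search(body):
        findings.append("stack trace in response body")
    return sorted(findings)
```
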