Main Vulnerability Database Vulnerabilities #VU40136

Improper access control in sentry - CVE-2016-0760

Published: August 20, 2016 / Updated: August 9, 2020

Vulnerability identifier: #VU40136

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2016-0760

CWE-ID: CWE-284

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Sentry

Affected software:
sentry

Detailed vulnerability description

The vulnerability allows a remote authenticated user to execute arbitrary code.

Multiple incomplete blacklist vulnerabilities in Apache Sentry before 1.7.0 allow remote authenticated users to execute arbitrary code via the (1) reflect, (2) reflect2, or (3) java_method Hive builtin functions.

How to mitigate CVE-2016-0760

Install update from vendor's website.

Sources

http://mail-archives.apache.org/mod_mbox/sentry-dev/201608.mbox/%3CCACMN7ixDqDyOZGLEvsMUVHBiJ6crq8zdy%2B2mNfRooNhnk7CJ1g%40mail.gmail.com%3E
http://www.securityfocus.com/bid/92328

Improper access control in sentry - CVE-2016-0760

Detailed vulnerability description

How to mitigate CVE-2016-0760

Sources

Please verify you're human