CVE-2015-0265
MEDIUMApache Ranger < 0.5.0 - Cross-Site Scripting via HTTP User-Agent Header
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in the Policy Admin Tool in Apache Ranger before 0.5.0 allows remote attackers to inject arbitrary web script or HTML via the HTTP User-Agent header.
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/76208
Various Sources mailing-list
x_refsource_mlist
https://mail-archives.apache.org/mod_mbox/ranger-dev/201508.mbox/%3CD1E7EC30.9D53F%25vel%40apache.org%3E
Exploit x_refsource_misc
http://www.slideshare.net/wojdwo/big-problems-with-big-data-hadoop-interfaces-security
Vendor Advisory x_refsource_confirm
https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger
Scores
CVSS v3
6.1
EPSS
0.0201
EPSS Percentile
84.0%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (2)
apache/ranger
< 0.4.0
org.apache.ranger/ranger
0 - 0.5.0Maven
Published
Apr 11, 2016
Tracked Since
Feb 18, 2026