CVE-2016-0760
HIGH
Apache Sentry - Authenticated Remote Code Execution via Hive Builtin Function Blacklist Bypass
Title source: llm
Description
Multiple incomplete blacklist vulnerabilities in Apache Sentry before 1.7.0 allow remote authenticated users to execute arbitrary code via the (1) reflect, (2) reflect2, or (3) java_method Hive builtin functions.
References (2)
Core References
Mailing List, Vendor Advisory mailing-list
x_refsource_mlist
http://mail-archives.apache.org/mod_mbox/sentry-dev/201608.mbox/%3CCACMN7ixDqDyOZGLEvsMUVHBiJ6crq8zdy%2B2mNfRooNhnk7CJ1g%40mail.gmail.com%3E
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/92328
Scores
CVSS v3
8.8
EPSS
0.0071
EPSS Percentile
72.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-284
Status
published
Products (2)
apache/sentry
1.5.1
apache/sentry
1.6.0
Published
Aug 19, 2016
Tracked Since
Feb 18, 2026