Moderate severityNVD Advisory· Published Nov 2, 2015· Updated May 6, 2026
CVE-2015-1775
CVE-2015-1775
Description
Server-side request forgery (SSRF) vulnerability in the proxy endpoint (api/v1/proxy) in Apache Ambari before 2.1.0 allows remote authenticated users to conduct port scans and access unsecured services via a crafted REST call.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.ambari:ambariMaven | >= 1.5.0, < 2.1.0 | 2.1.0 |
Affected products
8cpe:2.3:a:apache:ambari:1.5.0:*:*:*:*:*:*:*+ 7 more
- cpe:2.3:a:apache:ambari:1.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:ambari:1.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:ambari:1.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:ambari:1.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:ambari:1.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:ambari:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:ambari:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:ambari:2.0.2:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- cwiki.apache.org/confluence/display/AMBARI/Ambari+VulnerabilitiesnvdVendor Advisory
- github.com/advisories/GHSA-9g2j-5685-h44hghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2015-1775ghsaADVISORY
- www.openwall.com/lists/oss-security/2015/10/13/2nvdWEB
- cwiki.apache.org/confluence/display/AMBARI/Ambari+VulnerabilitiesghsaWEB
News mentions
0No linked articles in our index yet.