Average User Rating
You need to be logged in to rate this article.

CVE-2015-7886 HTTPD Access Control Bypass Vulnerability in Data ONTAP operating in 7-Mode

KB Doc ID 9010055 Version: 1.0 Published date: 01/14/2016 Views: 6692

NetApp Advisory Number





Data ONTAP operating in 7-Mode, under certain conditions, allows unauthorized information disclosure on volumes that have HTTP access configured.

Affected Products

  • Data ONTAP operating in 7-Mode ( 958815 registered access) **
  • Data ONTAP 7.3.x and earlier versions

** Refer to the “Software Versions and Fixes” section of this document

Vulnerability Scoring Details (Applies to All Affected Products)

NetApp uses the standards-based Common Vulnerability Scoring System version 2 (CVSSv2) to score vulnerabilities. A guide to CVSS scoring is available from first.org at http://www.first.org/cvss/cvss-guide. NetApp provides a Base and Temporal score.  

Customers may also compute an environmental score to help determine the impact on their networks.


Exploitation of this vulnerability may lead to unauthorized information disclosure on the affected volumes.

Software Versions and Fixes


Tracking ID
(registered access)

First Fixed In Release

 Data ONTAP operating in 7-Mode 958815 http://mysupport.netapp.com/NOW/download/software/ontap/8.2.4P1/


Disable HTTP access using the httpd.enable option. NetApp recommends that the impact of any changes be evaluated in a test environment prior to production deployment.

Obtaining Software Fixes

Software fixes will be made available through the NetApp Support website in the Software Download section. 


Customers who do not have access to the Support website should contact Technical Support at the number below to obtain the patches.

Exploitation and Public Announcements

NetApp is not aware of any public discussion regarding this vulnerability.

Status of This Notice


This advisory should be considered the single source of current, up-to-date, authorized and accurate information from NetApp.

This advisory is posted at the following link:  https://kb.netapp.com/support/index?page=content&id=9010055

Contact Information

Check http://mysupport.netapp.com for further updates.

For questions, contact NetApp at:

Technical Support
1 888 4 NETAPP (1 888 463 8277) (U.S. and Canada)
+00 800 44 638277 (EMEA/Europe)
+800 800 80 800 (Asia/Pacific)

Revision History

Revision #



1.0 20160114 Initial Public Release; Final


This document is provided solely for informational purposes. All information is based upon NetApp’s current knowledge and understanding of the hardware and software products tested by NetApp, and the methodology and assumptions used by NetApp. NetApp is not responsible for any errors or omissions that may be contained herein, and no warranty, representation, or other legal commitment or obligation is being provided by NetApp.

© 2016 NetApp, Inc. All rights reserved. No portions of this document may be reproduced without prior written consent of NetApp, Inc.


Search Knowledgebase


Please Sign In

Login to access secured content. (Login goes to SSO prompt)

Not registered? Register now.