
CVE-2015-7886 HTTPD Access Control Bypass Vulnerability in Data ONTAP operating in 7-Mode


KB Doc ID 9010055 Version: 1.0 Published date: 01/14/2016
 

NetApp Advisory Number

NTAP-20160114-0002

CVE

CVE-2015-7886

Summary

Data ONTAP operating in 7-Mode, under certain conditions, allows unauthorized information disclosure on volumes that have HTTP access configured.

Affected Products

  • Data ONTAP operating in 7-Mode (958815, registered access) **
  • Data ONTAP 7.3.x and earlier versions

** Refer to the “Software Versions and Fixes” section of this document

Vulnerability Scoring Details (Applies to All Affected Products)

NetApp uses the standards-based Common Vulnerability Scoring System version 2 (CVSSv2) to score vulnerabilities. A guide to CVSS scoring is available from first.org at http://www.first.org/cvss/cvss-guide. NetApp provides a Base and Temporal score.  

Customers may also compute an environmental score to help determine the impact on their networks.

Impact

Exploitation of this vulnerability may lead to unauthorized information disclosure on the affected volumes.

Software Versions and Fixes

| Product | Tracking ID (registered access) | First Fixed In Release |
|---|---|---|
| Data ONTAP operating in 7-Mode | 958815 | http://mysupport.netapp.com/NOW/download/software/ontap/8.2.4P1/ |

Workarounds

Disable HTTP access using the httpd.enable option. NetApp recommends that the impact of any changes be evaluated in a test environment prior to production deployment.

Obtaining Software Fixes

Software fixes will be made available through the NetApp Support website in the Software Download section. 

http://mysupport.netapp.com/NOW/cgi-bin/software/

Customers who do not have access to the Support website should contact Technical Support at the number below to obtain the patches.

Exploitation and Public Announcements

NetApp is not aware of any public discussion regarding this vulnerability.

Status of This Notice

Final.  

This advisory should be considered the single source of current, up-to-date, authorized and accurate information from NetApp.

This advisory is posted at the following link:  https://kb.netapp.com/support/index?page=content&id=9010055

Contact Information

Check http://mysupport.netapp.com for further updates.

For questions, contact NetApp at:

Technical Support
mysupport.netapp.com
1 888 4 NETAPP (1 888 463 8277) (U.S. and Canada)
+00 800 44 638277 (EMEA/Europe)
+800 800 80 800 (Asia/Pacific)

Revision History

| Revision # | Date | Comments |
|---|---|---|
| 1.0 | 20160114 | Initial Public Release; Final |

Disclaimer

This document is provided solely for informational purposes. All information is based upon NetApp’s current knowledge and understanding of the hardware and software products tested by NetApp, and the methodology and assumptions used by NetApp. NetApp is not responsible for any errors or omissions that may be contained herein, and no warranty, representation, or other legal commitment or obligation is being provided by NetApp.

© 2016 NetApp, Inc. All rights reserved. No portions of this document may be reproduced without prior written consent of NetApp, Inc.

 
