WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2015-1836 Vulnerability in maven package org.apache.hbase:hbase-client

Description

Apache HBase 0.98 before 0.98.12.1, 1.0 before 1.0.1.1, and 1.1 before 1.1.0.1, as used in IBM InfoSphere BigInsights 3.0, 3.0.0.1, and 3.0.0.2 and other products, uses incorrect ACLs for ZooKeeper coordination state, which allows remote attackers to cause a denial of service (daemon outage), obtain sensitive information, or modify data via unspecified client traffic.

Remediation

References

http://mail-archives.apache.org/mod_mbox/www-announce/201505.mbox/%3CCA+RK=_CFiTfQ2d0V+kuJx_y5izmYccaKjXaJ3V72KK7tbOhbkg%40mail.gmail.com%3E

http://www.securitytracker.com/id/1034365

http://www-01.ibm.com/support/docview.wss?uid=swg21969546

https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html

Related Vulnerabilities

CVE-2023-25571 Vulnerability in npm package @backstage/core-components

CVE-2017-4974 Vulnerability in maven package org.cloudfoundry.identity:cloudfoundry-identity-common

CVE-2022-27260 Vulnerability in npm package buttercms

CVE-2014-3527 Vulnerability in maven package org.springframework.security:spring-security-cas

CVE-2019-10352 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

Severity

High

Classification

CWE-284 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Tags

Vendor Advisory