Description
Apache HBase 0.98 before 0.98.12.1, 1.0 before 1.0.1.1, and 1.1 before 1.1.0.1, as used in IBM InfoSphere BigInsights 3.0, 3.0.0.1, and 3.0.0.2 and other products, uses incorrect ACLs for ZooKeeper coordination state, which allows remote attackers to cause a denial of service (daemon outage), obtain sensitive information, or modify data via unspecified client traffic.
Remediation
References
http://www-01.ibm.com/support/docview.wss?uid=swg21969546
http://www.securitytracker.com/id/1034365
https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html
http://mail-archives.apache.org/mod_mbox/www-announce/201505.mbox/%3CCA+RK=_CFiTfQ2d0V+kuJx_y5izmYccaKjXaJ3V72KK7tbOhbkg%40mail.gmail.com%3E
Related Vulnerabilities
CVE-2015-5204 Vulnerability in npm package cordova-plugin-file-transfer
CVE-2023-2585 Vulnerability in maven package org.keycloak:keycloak-server-spi-private
CVE-2021-41079 Vulnerability in maven package org.apache.tomcat:tomcat
CVE-2011-2093 Vulnerability in maven package com.adobe.blazeds:flex-messaging-common
CVE-2022-1415 Vulnerability in maven package org.drools:drools-core