Description
Apache HBase 0.98 before 0.98.12.1, 1.0 before 1.0.1.1, and 1.1 before 1.1.0.1, as used in IBM InfoSphere BigInsights 3.0, 3.0.0.1, and 3.0.0.2 and other products, uses incorrect ACLs for ZooKeeper coordination state, which allows remote attackers to cause a denial of service (daemon outage), obtain sensitive information, or modify data via unspecified client traffic.
Remediation
References
http://mail-archives.apache.org/mod_mbox/www-announce/201505.mbox/%3CCA+RK=_CFiTfQ2d0V+kuJx_y5izmYccaKjXaJ3V72KK7tbOhbkg%40mail.gmail.com%3E
http://www.securitytracker.com/id/1034365
http://www-01.ibm.com/support/docview.wss?uid=swg21969546
https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html