Lucene search

K
cvelistApacheCVELIST:CVE-2018-11765
HistorySep 30, 2020 - 5:02 p.m.

CVE-2018-11765

2020-09-3017:02:20
apache
www.cve.org
5
apache hadoop
kerberos
authentication

AI Score

7.8

Confidence

High

EPSS

0.003

Percentile

67.9%

In Apache Hadoop versions 3.0.0-alpha2 to 3.0.0, 2.9.0 to 2.9.2, 2.8.0 to 2.8.5, any users can access some servlets without authentication when Kerberos authentication is enabled and SPNEGO through HTTP is not enabled.

CNA Affected

[
  {
    "product": "Apache Hadoop",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Apache Hadoop 3.0.0-alpha2 to 3.0.0, 2.9.0 to 2.9.2, 2.8.0 to 2.8.5"
      }
    ]
  }
]

References

AI Score

7.8

Confidence

High

EPSS

0.003

Percentile

67.9%

Related for CVELIST:CVE-2018-11765