Lucene search
K

48 matches found

Prion
Prion
added 2017/07/10 8:29 p.m.17 views

Design/Logic Flaw

It was noticed that a malicious process impersonating an Impala daemon in Apache Impala incubating 2.7.0 to 2.8.0 could cause Impala daemons to skip authentication checks when Kerberos is enabled but TLS is not. If the malicious server responds with 'COMPLETE' before the SASL handshake has...

7.5CVSS9.3AI score0.02852EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2017/07/10 8:29 p.m.20 views

Design/Logic Flaw

During a routine security analysis, it was found that one of the ports in Apache Impala incubating 2.7.0 to 2.8.0 sent data in plaintext even when the cluster was configured to use TLS. The port in question was used by the StatestoreSubscriber class which did not use the appropriate secure Thrift...

5CVSS7.5AI score0.01217EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2017/07/10 8:29 p.m.15 views

CVE-2017-5640

It was noticed that a malicious process impersonating an Impala daemon in Apache Impala incubating 2.7.0 to 2.8.0 could cause Impala daemons to skip authentication checks when Kerberos is enabled but TLS is not. If the malicious server responds with 'COMPLETE' before the SASL handshake has...

9.8CVSS7AI score
Exploits0References2
OSV
OSV
added 2017/07/10 8:29 p.m.21 views

CVE-2017-5652

During a routine security analysis, it was found that one of the ports in Apache Impala incubating 2.7.0 to 2.8.0 sent data in plaintext even when the cluster was configured to use TLS. The port in question was used by the StatestoreSubscriber class which did not use the appropriate secure Thrift...

7.5CVSS6.8AI score
Exploits0References2
Cvelist
Cvelist
added 2017/07/10 8:0 p.m.21 views

CVE-2017-5652

During a routine security analysis, it was found that one of the ports in Apache Impala incubating 2.7.0 to 2.8.0 sent data in plaintext even when the cluster was configured to use TLS. The port in question was used by the StatestoreSubscriber class which did not use the appropriate secure Thrift...

7.5AI score0.01217EPSS
Exploits1References2
Cvelist
Cvelist
added 2017/07/10 8:0 p.m.27 views

CVE-2017-5640

It was noticed that a malicious process impersonating an Impala daemon in Apache Impala incubating 2.7.0 to 2.8.0 could cause Impala daemons to skip authentication checks when Kerberos is enabled but TLS is not. If the malicious server responds with 'COMPLETE' before the SASL handshake has...

9.5AI score0.02852EPSS
Exploits1References2
CVE
CVE
added 2017/07/10 8:0 p.m.53 views

CVE-2017-5652

The CVE-2017-5652 entry concerns Apache Impala (incubating) versions 2.7.0–2.8.0 where one port used by the StatestoreSubscriber did not employ the secure Thrift transport when TLS was enabled. This allowed an attacker with network access to eavesdrop on plaintext data traversing that port, const...

7.5CVSS7.4AI score0.01217EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2017/07/10 8:0 p.m.62 views

CVE-2017-5640

CVE-2017-5640 affects Apache Impala (incubating) versions 2.7.0–2.8.0. A malicious process impersonating an Impala daemon can cause the server to skip authentication checks when Kerberos is enabled but TLS is not, by replying with COMPLETE before the SASL handshake finishes, making the client tre...

9.8CVSS9.4AI score0.02852EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder