4 matches found
Security Bulletin: Common Vulnerabilities in Cloudera Data Platform Private Cloud Base 7.1.9.
Summary Common vulnerabilities reported in Cloudera Data Platform Private Cloud Base 7.1.9 have been addressed, and are available in Hotfix 2. Vulnerability Details CVEID:CVE-2015-1772 DESCRIPTION: Apache Hive could allow a remote attacker to bypass security restrictions, caused by an error in th...
Security Bulletin: Apache Hadoop could allow a remote attacker to obtain sensitive information that could affect IBM Streams.
Summary In Apache Hadoop versions 3.0.0-alpha2 to 3.0.0, 2.9.0 to 2.9.2, 2.8.0 to 2.8.5, any users can access some servlets without authentication when Kerberos authentication is enabled and SPNEGO through HTTP is not enabled. Please see more details below. Vulnerability Details CVEID:...
CVE-2018-11765
CVE-2018-11765 – Hadoop web-UI auth bypass (CONCRETE DETAILS) Affected software: Apache Hadoop 3.0.0-alpha2 to 3.0.0, 2.9.0 to 2.9.2, and 2.8.0 to 2.8.5. The vulnerability arises in the web interfaces when Kerberos authentication is enabled and SPNEGO over HTTP is not enabled. What is affected: a...
CVE-2018-11765
In Apache Hadoop versions 3.0.0-alpha2 to 3.0.0, 2.9.0 to 2.9.2, 2.8.0 to 2.8.5, any users can access some servlets without authentication when Kerberos authentication is enabled and SPNEGO through HTTP is not enabled. Mitigation Users should upgrade to Apache Hadoop 2.10.0, 3.0.1 or upper. If it...