Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:93016
HistoryApr 24, 2017 - 12:00 a.m.

Cloudera Manager =< 5.5 Process logs access (CVE-2016-4949)

2017-04-2400:00:00
Root
www.seebug.org
19

EPSS

0.003

Percentile

69.0%

JSON

Cloudera Manager =< 5.5 is vulnerable to an access control issue allowing any user to access any process logs, on standard output and error descriptors, with the following GET request:

http://&lt;cloudera_manager_IP&gt;:7180/cmf/process/&lt;process_id&gt;/logs?filename={stderr,stdout}.log

The prerequisite to exploit this vulnerability is to know (or iterate) the targeted process identifier.
The impact of the vulnerability is that a poorly developed process might contain sensitive information.

The Cloudera CERT indicated that this vulnerability is fixed in version 5.8.

Related

cve 1
cvelist 1
prion 1
nvd 1
openvas 1
ibm 1
cve
cve
CVE-2016-4949
2017-03-07 16:59:00
cvelist
cvelist
CVE-2016-4949
2017-03-07 16:00:00
prion
prion
Code injection
2017-03-07 16:59:00
nvd
nvd
CVE-2016-4949
2017-03-07 16:59:00
openvas
openvas
Cloudera Manager Multiple Vulnerabilities
2017-03-09 00:00:00
ibm
ibm
Security Bulletin: IBM Security Guardium is affected by Using Components with Known Vulnerabilities vulnerabilities
2018-07-06 15:43:26

EPSS

0.003

Percentile

69.0%

JSON
Related for SSV:93016
cve1cvelist1prion1nvd1openvas1ibm1