Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Apache Hadoop 0.23.x Private File Disclosure Vulnerability

🗓️ 23 Jan 2018 00:00:00Reported by Man Yue MoType 
zdt
 zdt🔗 0day.today👁 44 Views

Apache Hadoop 0.23.x Private File Disclosure Vulnerability CVE-2017-15713 Severity: Severe. Vendor: The Apache Software Foundation. Impact: Allows exposure of private files. Mitigation: Upgrade to Apache Hadoop 2.7.5, 2.8.3, 2.9.0, or 3.0.0

Related
Code
ReporterTitlePublishedViews
Family
IBM Security Bulletins		Security Bulletin: IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
3 Dec 202118:47
ibm
IBM Security Bulletins		Security Bulletin: IBM Cloud Pak for Multicloud Management Monitoring is vulnerable to information disclosure due to its use of Apache Hadoop (CVE-2017-15713)
21 Jul 202212:52
ibm
IBM Security Bulletins		Security Bulletin: Vulnerabilities in Apache Hadoop affect IBM watsonx.data
18 Sep 202419:59
ibm
IBM Security Bulletins		Security Bulletin: Multiple vulnerabilities in Apache Hadoop affect Apache Solr shipped with IBM Operations Analytics - Log Analysis
19 Apr 202108:33
ibm
IBM Security Bulletins		Security Bulletin: IBM InfoSphere Information Server is affected but not classified as vulnerable to multiple vulnerabilities in Apache Hadoop
17 May 202321:55
ibm
IBM Security Bulletins		Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities
22 Jun 202215:20
ibm
IBM Security Bulletins		Security Bulletin: IBM Security Guardium is affected by a Using Components with Known Vulnerabilities vulnerability
13 Dec 201814:45
ibm
IBM Security Bulletins		Log Analysis Security Bulletin List
1 Sep 202111:04
ibm
CNVD		Apache Hadoop Information Disclosure Vulnerability (CNVD-2018-03273)
22 Jan 201800:00
cnvd
CVE		CVE-2017-15713
19 Jan 201817:00
cve
Rows per page
CVE-2017-15713: Apache Hadoop MapReduce job history server vulnerability

Severity: Severe

Vendor: The Apache Software Foundation

Versions Affected:
  Hadoop 0.23.0 to 0.23.11
  Hadoop 2.0.0-alpha to 2.8.2
  Hadoop 3.0.0-alpha to 3.0.0-beta1

Users affected: Users running the MapReduce job history server daemon

Impact:  Vulnerability allows a cluster user to expose private files
owned by the user running the MapReduce job history server process.
The malicious user can construct a configuration file containing XML
directives that reference sensitive files on the MapReduce job history
server host.

Mitigation: Users should upgrade to Apache Hadoop 2.7.5, 2.8.3, 2.9.0, or 3.0.0.

Credit: This issue was discovered by Man Yue Mo of lgtm.com

#  0day.today [2018-04-10]  #

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
23 Jan 2018 00:00Current
7.4High risk
Vulners AI Score7.4
EPSS0.00191
apache hadoopvulnerabilityfile disclosurecve-2017-15713severeapache software foundationexposuremitigationupgrademapreducehistory server
44