Vulnerability CVE-2015-1836


Published: 2015-12-21

Description:
Apache HBase 0.98 before 0.98.12.1, 1.0 before 1.0.1.1, and 1.1 before 1.1.0.1, as used in IBM InfoSphere BigInsights 3.0, 3.0.0.1, and 3.0.0.2 and other products, uses incorrect ACLs for ZooKeeper coordination state, which allows remote attackers to cause a denial of service (daemon outage), obtain sensitive information, or modify data via unspecified client traffic.

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
IBM -> Infosphere biginsights 
Apache -> Hbase 

 References:
http://mail-archives.apache.org/mod_mbox/www-announce/201505.mbox/%3CCA+RK=_CFiTfQ2d0V+kuJx_y5izmYccaKjXaJ3V72KK7tbOhbkg@mail.gmail.com%3E
http://www-01.ibm.com/support/docview.wss?uid=swg21969546
http://www.securitytracker.com/id/1034365
https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html

Copyright 2020, cxsecurity.com

 

Back to Top