CVE-2016-5001

Опубликовано: 30 авг. 2017

Источник: nvd

CVSS3: 5.5

CVSS2: 2.1

EPSS Низкий

Описание

This is an information disclosure vulnerability in Apache Hadoop before 2.6.4 and 2.7.x before 2.7.2 in the short-circuit reads feature of HDFS. A local user on an HDFS DataNode may be able to craft a block token that grants unauthorized read access to random files by guessing certain fields in the token.

Ссылки

http://seclists.org/oss-sec/2016/q4/698
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/94950
Third Party Advisory
VDB Entry
https://lists.apache.org/thread.html/r66de86b9a608c1da70b2d27d765c11ec88edf6e5dd6f379ab33e072a%40%3Cuser.flink.apache.org%3E
http://seclists.org/oss-sec/2016/q4/698
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/94950
Third Party Advisory
VDB Entry
https://lists.apache.org/thread.html/r66de86b9a608c1da70b2d27d765c11ec88edf6e5dd6f379ab33e072a%40%3Cuser.flink.apache.org%3E

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:apache:hadoop:*:*:*:*:*:*:*:*

Версия до 2.6.3 (включая)

cpe:2.3:a:apache:hadoop:2.7.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:hadoop:2.7.1:*:*:*:*:*:*:*

EPSS

Процентиль: 31%

0.00118

Низкий

5.5 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-200

Связанные уязвимости

CVE-2016-5001

CVSS3: 5.5

debian

больше 8 лет назад

This is an information disclosure vulnerability in Apache Hadoop befor ...

GHSA-8r28-r8cp-g6cp

CVSS3: 5.5

github

больше 3 лет назад

Exposure of Sensitive Information to an Unauthorized Actor in Apache Hadoop

EPSS

Процентиль: 31%

0.00118

Низкий

5.5 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-200