Description
The RPC protocol implementation in Apache Hadoop 2.x before 2.0.6-alpha, 0.23.x before 0.23.9, and 1.x before 1.2.1, when the Kerberos security features are enabled, allows man-in-the-middle attackers to disable bidirectional authentication and obtain sensitive information by forcing a downgrade to simple authentication.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| OpenShift Enterprise 1 | activemq | Not affected | | |
| Red Hat JBoss Enterprise Web Server 1 | fuse-6 | Affected | | |
| Red Hat JBoss Enterprise Web Server 1 | fuse-esb-enterprise-7 | Will not fix | | |
| Red Hat JBoss Enterprise Web Server 1 | fuse-mq-enterprise-7 | Will not fix | | |
| Red Hat JBoss A-MQ 6.1 | | Fixed | RHSA-2014:0401 | 14.04.2014 |
| Red Hat JBoss Fuse 6.1 | | Fixed | RHSA-2014:0400 | 14.04.2014 |
| RHEV Manager version 3.3 | jasperreports-server-pro | Fixed | RHSA-2014:0037 | 21.01.2014 |
Additional information
Status: Moderate
https://bugzilla.redhat.com/show_bug.cgi?id=1001326 hadoop: man-in-the-middle vulnerability
EPSS: 0.00125 (Low), percentile: 32%
CVSS2: 3.2 Low
Related vulnerabilities
nvd
about 12 years ago
The RPC protocol implementation in Apache Hadoop 2.x before 2.0.6-alpha, 0.23.x before 0.23.9, and 1.x before 1.2.1, when the Kerberos security features are enabled, allows man-in-the-middle attackers to disable bidirectional authentication and obtain sensitive information by forcing a downgrade to simple authentication.
EPSS: 0.00125 (Low), percentile: 32%
CVSS2: 3.2 Low