cve-2014-3627
Vulnerability from cvelistv5
Published
2014-12-05 16:00
Modified
2024-08-06 10:50
Severity ?
Summary
The YARN NodeManager daemon in Apache Hadoop 0.23.0 through 0.23.11 and 2.x before 2.5.2, when using Kerberos authentication, allows remote cluster users to change the permissions of certain files to world-readable via a symlink attack in a public tar archive, which is not properly handled during localization, related to distributed cache.
References
secalert@redhat.comhttp://mail-archives.apache.org/mod_mbox/hadoop-general/201411.mbox/%3CCALwhT97dOi04aC3VbekaB+zn2UAS_OZV2EAiP78GmjnMzfp2Ug%40mail.gmail.com%3E
secalert@redhat.comhttp://secunia.com/advisories/60079
secalert@redhat.comhttp://secunia.com/advisories/60432
af854a3a-2127-422b-91ae-364da2661108http://mail-archives.apache.org/mod_mbox/hadoop-general/201411.mbox/%3CCALwhT97dOi04aC3VbekaB+zn2UAS_OZV2EAiP78GmjnMzfp2Ug%40mail.gmail.com%3E
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/60079
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/60432
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:50:17.773Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[hadoop-general] 20141121 [ANNOUNCE] Apache Hadoop 2.5.2 released",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://mail-archives.apache.org/mod_mbox/hadoop-general/201411.mbox/%3CCALwhT97dOi04aC3VbekaB+zn2UAS_OZV2EAiP78GmjnMzfp2Ug%40mail.gmail.com%3E"
          },
          {
            "name": "60079",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60079"
          },
          {
            "name": "60432",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60432"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-11-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The YARN NodeManager daemon in Apache Hadoop 0.23.0 through 0.23.11 and 2.x before 2.5.2, when using Kerberos authentication, allows remote cluster users to change the permissions of certain files to world-readable via a symlink attack in a public tar archive, which is not properly handled during localization, related to distributed cache."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-12-05T15:57:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[hadoop-general] 20141121 [ANNOUNCE] Apache Hadoop 2.5.2 released",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://mail-archives.apache.org/mod_mbox/hadoop-general/201411.mbox/%3CCALwhT97dOi04aC3VbekaB+zn2UAS_OZV2EAiP78GmjnMzfp2Ug%40mail.gmail.com%3E"
        },
        {
          "name": "60079",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60079"
        },
        {
          "name": "60432",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60432"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2014-3627",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The YARN NodeManager daemon in Apache Hadoop 0.23.0 through 0.23.11 and 2.x before 2.5.2, when using Kerberos authentication, allows remote cluster users to change the permissions of certain files to world-readable via a symlink attack in a public tar archive, which is not properly handled during localization, related to distributed cache."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[hadoop-general] 20141121 [ANNOUNCE] Apache Hadoop 2.5.2 released",
              "refsource": "MLIST",
              "url": "http://mail-archives.apache.org/mod_mbox/hadoop-general/201411.mbox/%3CCALwhT97dOi04aC3VbekaB+zn2UAS_OZV2EAiP78GmjnMzfp2Ug@mail.gmail.com%3E"
            },
            {
              "name": "60079",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60079"
            },
            {
              "name": "60432",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60432"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2014-3627",
    "datePublished": "2014-12-05T16:00:00",
    "dateReserved": "2014-05-14T00:00:00",
    "dateUpdated": "2024-08-06T10:50:17.773Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:hadoop:0.23.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"029481B4-F0BC-4C44-B5DB-4AE66AE92334\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:hadoop:0.23.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"501DBE03-139A-46E9-BFD5-B7D8245AD2C7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:hadoop:0.23.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AD95328D-ED9A-4889-96E7-C7B3041745FB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:hadoop:0.23.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"65899B21-D364-4E6D-8E82-1D408BA4E2A6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:hadoop:0.23.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5512B2DD-5136-4215-899C-FB48AFA8A2CC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:hadoop:0.23.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"68A3493C-3D69-46A9-920A-8BB44B090609\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:hadoop:0.23.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"74588026-F427-4E31-89FA-FFCE5B2EC108\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:hadoop:0.23.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1FD4F0BA-614B-47A9-B916-DD1400FCE532\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:hadoop:0.23.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3D8C1670-EFEF-409B-B985-5815B6791B24\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:hadoop:0.23.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EF986316-0FB8-4AF9-B372-4FC53C957D8D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:hadoop:0.23.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F59390C3-1517-4908-A10E-02C7FEAA91B5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:hadoop:2.0.0:alpha:*:*:*:*:*:*\", \"matchCriteriaId\": \"227941BD-D769-45AD-9D61-7FCA3C2264FA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:hadoop:2.0.1:alpha:*:*:*:*:*:*\", \"matchCriteriaId\": \"18BF490A-0865-47C0-A143-0991B40BD259\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:hadoop:2.0.2:alpha:*:*:*:*:*:*\", \"matchCriteriaId\": \"E091799F-203D-4C52-839E-E798770C0287\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:hadoop:2.0.3:alpha:*:*:*:*:*:*\", \"matchCriteriaId\": \"80E53689-C56C-4104-B510-CB4116B898CB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:hadoop:2.0.4:alpha:*:*:*:*:*:*\", \"matchCriteriaId\": \"591921C3-F7EA-402E-9C36-2EADF0417C72\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:hadoop:2.0.5:alpha:*:*:*:*:*:*\", \"matchCriteriaId\": \"9FA774A9-81B3-4303-B254-C802B4DC8004\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:hadoop:2.0.6:alpha:*:*:*:*:*:*\", \"matchCriteriaId\": \"877CAAE8-5E57-4D0D-A8EB-8CA696D0CE3F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:hadoop:2.1.0:beta:*:*:*:*:*:*\", \"matchCriteriaId\": \"25DB127F-4293-4847-A8C4-C7F6B74762EE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:hadoop:2.1.1:beta:*:*:*:*:*:*\", \"matchCriteriaId\": \"E8AE3E25-0726-4039-A3A8-B53F7CF0E638\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:hadoop:2.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DC9B08F2-CF75-4875-BDE1-D5D9CC7BF7E8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:hadoop:2.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"11B47B33-C54B-47F7-8AB7-90A589EED6F9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:hadoop:2.4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"377E3DCD-CEB7-400B-BD78-A4C1EE98E4E5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:hadoop:2.4.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A8D53754-B3A3-421D-89C2-52F75C103254\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:hadoop:2.5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5DE3F6F1-C352-4512-BD93-C544C2A77314\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:hadoop:2.5.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BF70A398-852D-47CD-A786-DE983FD319D5\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The YARN NodeManager daemon in Apache Hadoop 0.23.0 through 0.23.11 and 2.x before 2.5.2, when using Kerberos authentication, allows remote cluster users to change the permissions of certain files to world-readable via a symlink attack in a public tar archive, which is not properly handled during localization, related to distributed cache.\"}, {\"lang\": \"es\", \"value\": \"El demonio YARN NodeManager en Apache Hadoop 0.23.0 hasta 0.23.11 y 2.x anterior a 2.5.2, cuando utiliza la autenticaci\\u00f3n Kerberos, permite a usuarios remotos de cl\\u00faster cambiar los permisos de ciertos ficheros a de lectura universal a trav\\u00e9s de un ataque de enlace simb\\u00f3lico en un archivo tar p\\u00fablico, lo que no se maneja correctamente durante la localizaci\\u00f3n, relacionado con un cach\\u00e9 distribuido.\"}]",
      "id": "CVE-2014-3627",
      "lastModified": "2024-11-21T02:08:32.080",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2014-12-05T16:59:04.127",
      "references": "[{\"url\": \"http://mail-archives.apache.org/mod_mbox/hadoop-general/201411.mbox/%3CCALwhT97dOi04aC3VbekaB+zn2UAS_OZV2EAiP78GmjnMzfp2Ug%40mail.gmail.com%3E\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://secunia.com/advisories/60079\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://secunia.com/advisories/60432\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://mail-archives.apache.org/mod_mbox/hadoop-general/201411.mbox/%3CCALwhT97dOi04aC3VbekaB+zn2UAS_OZV2EAiP78GmjnMzfp2Ug%40mail.gmail.com%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/60079\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/60432\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "secalert@redhat.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-59\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2014-3627\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2014-12-05T16:59:04.127\",\"lastModified\":\"2024-11-21T02:08:32.080\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The YARN NodeManager daemon in Apache Hadoop 0.23.0 through 0.23.11 and 2.x before 2.5.2, when using Kerberos authentication, allows remote cluster users to change the permissions of certain files to world-readable via a symlink attack in a public tar archive, which is not properly handled during localization, related to distributed cache.\"},{\"lang\":\"es\",\"value\":\"El demonio YARN NodeManager en Apache Hadoop 0.23.0 hasta 0.23.11 y 2.x anterior a 2.5.2, cuando utiliza la autenticaci\u00f3n Kerberos, permite a usuarios remotos de cl\u00faster cambiar los permisos de ciertos ficheros a de lectura universal a trav\u00e9s de un ataque de enlace simb\u00f3lico en un archivo tar p\u00fablico, lo que no se maneja correctamente durante la localizaci\u00f3n, relacionado con un cach\u00e9 distribuido.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-59\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:hadoop:0.23.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"029481B4-F0BC-4C44-B5DB-4AE66AE92334\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:hadoop:0.23.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"501DBE03-139A-46E9-BFD5-B7D8245AD2C7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:hadoop:0.23.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AD95328D-ED9A-4889-96E7-C7B3041745FB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:hadoop:0.23.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"65899B21-D364-4E6D-8E82-1D408BA4E2A6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:hadoop:0.23.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5512B2DD-5136-4215-899C-FB48AFA8A2CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:hadoop:0.23.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"68A3493C-3D69-46A9-920A-8BB44B090609\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:hadoop:0.23.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"74588026-F427-4E31-89FA-FFCE5B2EC108\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:hadoop:0.23.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1FD4F0BA-614B-47A9-B916-DD1400FCE532\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:hadoop:0.23.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3D8C1670-EFEF-409B-B985-5815B6791B24\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:hadoop:0.23.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EF986316-0FB8-4AF9-B372-4FC53C957D8D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:hadoop:0.23.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F59390C3-1517-4908-A10E-02C7FEAA91B5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:hadoop:2.0.0:alpha:*:*:*:*:*:*\",\"matchCriteriaId\":\"227941BD-D769-45AD-9D61-7FCA3C2264FA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:hadoop:2.0.1:alpha:*:*:*:*:*:*\",\"matchCriteriaId\":\"18BF490A-0865-47C0-A143-0991B40BD259\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:hadoop:2.0.2:alpha:*:*:*:*:*:*\",\"matchCriteriaId\":\"E091799F-203D-4C52-839E-E798770C0287\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:hadoop:2.0.3:alpha:*:*:*:*:*:*\",\"matchCriteriaId\":\"80E53689-C56C-4104-B510-CB4116B898CB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:hadoop:2.0.4:alpha:*:*:*:*:*:*\",\"matchCriteriaId\":\"591921C3-F7EA-402E-9C36-2EADF0417C72\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:hadoop:2.0.5:alpha:*:*:*:*:*:*\",\"matchCriteriaId\":\"9FA774A9-81B3-4303-B254-C802B4DC8004\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:hadoop:2.0.6:alpha:*:*:*:*:*:*\",\"matchCriteriaId\":\"877CAAE8-5E57-4D0D-A8EB-8CA696D0CE3F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:hadoop:2.1.0:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"25DB127F-4293-4847-A8C4-C7F6B74762EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:hadoop:2.1.1:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"E8AE3E25-0726-4039-A3A8-B53F7CF0E638\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:hadoop:2.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC9B08F2-CF75-4875-BDE1-D5D9CC7BF7E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:hadoop:2.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"11B47B33-C54B-47F7-8AB7-90A589EED6F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:hadoop:2.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"377E3DCD-CEB7-400B-BD78-A4C1EE98E4E5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:hadoop:2.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A8D53754-B3A3-421D-89C2-52F75C103254\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:hadoop:2.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5DE3F6F1-C352-4512-BD93-C544C2A77314\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:hadoop:2.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BF70A398-852D-47CD-A786-DE983FD319D5\"}]}]}],\"references\":[{\"url\":\"http://mail-archives.apache.org/mod_mbox/hadoop-general/201411.mbox/%3CCALwhT97dOi04aC3VbekaB+zn2UAS_OZV2EAiP78GmjnMzfp2Ug%40mail.gmail.com%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/60079\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/60432\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://mail-archives.apache.org/mod_mbox/hadoop-general/201411.mbox/%3CCALwhT97dOi04aC3VbekaB+zn2UAS_OZV2EAiP78GmjnMzfp2Ug%40mail.gmail.com%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/60079\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/60432\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.