cve-2016-3083
Vulnerability from cvelistv5
Published
2017-05-30 14:00
Modified
2024-08-05 23:40
Severity ?
Summary
Apache Hive (JDBC + HiveServer2) implements SSL for plain TCP and HTTP connections (it supports both transport modes). While validating the server's certificate during the connection setup, the client in Apache Hive before 1.2.2 and 2.0.x before 2.0.1 doesn't seem to be verifying the common name attribute of the certificate. In this way, if a JDBC client sends an SSL request to server abc.com, and the server responds with a valid certificate (certified by CA) but issued to xyz.com, the client will accept that as a valid certificate and the SSL handshake will go through.
References
security@apache.orghttp://www.securityfocus.com/bid/98669
security@apache.orghttps://lists.apache.org/thread.html/0851bcf85635385f94cdaa008053802d92b4aab0a3075e30ed171192%40%3Cdev.hive.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/98669
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/0851bcf85635385f94cdaa008053802d92b4aab0a3075e30ed171192%40%3Cdev.hive.apache.org%3E
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:40:15.584Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[dev] 20170524 CVE-2016-3083: Apache Hive SSL vulnerability bug disclosure",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/0851bcf85635385f94cdaa008053802d92b4aab0a3075e30ed171192%40%3Cdev.hive.apache.org%3E"
          },
          {
            "name": "98669",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/98669"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache Hive",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "status": "affected",
              "version": "0.11.0 - 0.14.0"
            },
            {
              "status": "affected",
              "version": "1.0.0 - 1.2.1"
            },
            {
              "status": "affected",
              "version": "2.0.0"
            }
          ]
        }
      ],
      "datePublic": "2017-05-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Apache Hive (JDBC + HiveServer2) implements SSL for plain TCP and HTTP connections (it supports both transport modes). While validating the server\u0027s certificate during the connection setup, the client in Apache Hive before 1.2.2 and 2.0.x before 2.0.1 doesn\u0027t seem to be verifying the common name attribute of the certificate. In this way, if a JDBC client sends an SSL request to server abc.com, and the server responds with a valid certificate (certified by CA) but issued to xyz.com, the client will accept that as a valid certificate and the SSL handshake will go through."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information Disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-05-31T09:57:01",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "name": "[dev] 20170524 CVE-2016-3083: Apache Hive SSL vulnerability bug disclosure",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/0851bcf85635385f94cdaa008053802d92b4aab0a3075e30ed171192%40%3Cdev.hive.apache.org%3E"
        },
        {
          "name": "98669",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/98669"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "ID": "CVE-2016-3083",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Apache Hive",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "0.11.0 - 0.14.0"
                          },
                          {
                            "version_value": "1.0.0 - 1.2.1"
                          },
                          {
                            "version_value": "2.0.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apache Software Foundation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Apache Hive (JDBC + HiveServer2) implements SSL for plain TCP and HTTP connections (it supports both transport modes). While validating the server\u0027s certificate during the connection setup, the client in Apache Hive before 1.2.2 and 2.0.x before 2.0.1 doesn\u0027t seem to be verifying the common name attribute of the certificate. In this way, if a JDBC client sends an SSL request to server abc.com, and the server responds with a valid certificate (certified by CA) but issued to xyz.com, the client will accept that as a valid certificate and the SSL handshake will go through."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Information Disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[dev] 20170524 CVE-2016-3083: Apache Hive SSL vulnerability bug disclosure",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/0851bcf85635385f94cdaa008053802d92b4aab0a3075e30ed171192@%3Cdev.hive.apache.org%3E"
            },
            {
              "name": "98669",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/98669"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2016-3083",
    "datePublished": "2017-05-30T14:00:00",
    "dateReserved": "2016-03-10T00:00:00",
    "dateUpdated": "2024-08-05T23:40:15.584Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:hive:0.13.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4BE36554-0C96-406E-80EB-ECDB0E1CA2D6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:hive:0.13.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"39667946-AA1C-4CCF-B22F-431A24102A79\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:hive:0.14.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"83A48669-26C6-490D-9686-51A2BED1FB29\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:hive:1.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9EFCB996-0ED9-4FFC-BB76-8742306D47B9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:hive:1.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"650C90FA-1D6C-4015-A92B-9852D6CEA2F7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:hive:1.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0139B115-DD15-4C84-ACA9-1F0426496288\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:hive:1.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7C363DD3-BB9E-4AE2-9C81-731043E80858\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:hive:1.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"472BB9D5-CE7A-4E14-A8F2-349AE2982B93\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:hive:1.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C4554B70-61AB-4E00-92EE-FFD462B2D953\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Apache Hive (JDBC + HiveServer2) implements SSL for plain TCP and HTTP connections (it supports both transport modes). While validating the server\u0027s certificate during the connection setup, the client in Apache Hive before 1.2.2 and 2.0.x before 2.0.1 doesn\u0027t seem to be verifying the common name attribute of the certificate. In this way, if a JDBC client sends an SSL request to server abc.com, and the server responds with a valid certificate (certified by CA) but issued to xyz.com, the client will accept that as a valid certificate and the SSL handshake will go through.\"}, {\"lang\": \"es\", \"value\": \"Apache Hive (JDBC + HiveServer2) implementa SSL para conexiones planas TCP y HTTP (soporta ambos modos de transporte). Mientras se comprueba el certificado del servidor durante la configuraci\\u00f3n de la conexi\\u00f3n, el cliente Apache Hive anterior a versi\\u00f3n 1.2.2 y versiones 2.0.x anteriores a 2.0.1, no parece estar comprobando el atributo de nombre com\\u00fan del certificado. De este modo, si un cliente JDBC env\\u00eda una petici\\u00f3n SSL al servidor abc.com y el servidor responde con un certificado v\\u00e1lido (certificado por CA) pero emitido a xyz.com, el cliente lo aceptar\\u00e1 como certificado v\\u00e1lido y el protocolo de enlace SSL pasar\\u00e1.\"}]",
      "id": "CVE-2016-3083",
      "lastModified": "2024-11-21T02:49:19.790",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:P/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2017-05-30T14:29:00.207",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/98669\", \"source\": \"security@apache.org\"}, {\"url\": \"https://lists.apache.org/thread.html/0851bcf85635385f94cdaa008053802d92b4aab0a3075e30ed171192%40%3Cdev.hive.apache.org%3E\", \"source\": \"security@apache.org\"}, {\"url\": \"http://www.securityfocus.com/bid/98669\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/0851bcf85635385f94cdaa008053802d92b4aab0a3075e30ed171192%40%3Cdev.hive.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "security@apache.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-295\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2016-3083\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2017-05-30T14:29:00.207\",\"lastModified\":\"2024-11-21T02:49:19.790\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Apache Hive (JDBC + HiveServer2) implements SSL for plain TCP and HTTP connections (it supports both transport modes). While validating the server\u0027s certificate during the connection setup, the client in Apache Hive before 1.2.2 and 2.0.x before 2.0.1 doesn\u0027t seem to be verifying the common name attribute of the certificate. In this way, if a JDBC client sends an SSL request to server abc.com, and the server responds with a valid certificate (certified by CA) but issued to xyz.com, the client will accept that as a valid certificate and the SSL handshake will go through.\"},{\"lang\":\"es\",\"value\":\"Apache Hive (JDBC + HiveServer2) implementa SSL para conexiones planas TCP y HTTP (soporta ambos modos de transporte). Mientras se comprueba el certificado del servidor durante la configuraci\u00f3n de la conexi\u00f3n, el cliente Apache Hive anterior a versi\u00f3n 1.2.2 y versiones 2.0.x anteriores a 2.0.1, no parece estar comprobando el atributo de nombre com\u00fan del certificado. De este modo, si un cliente JDBC env\u00eda una petici\u00f3n SSL al servidor abc.com y el servidor responde con un certificado v\u00e1lido (certificado por CA) pero emitido a xyz.com, el cliente lo aceptar\u00e1 como certificado v\u00e1lido y el protocolo de enlace SSL pasar\u00e1.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:P/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-295\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:hive:0.13.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4BE36554-0C96-406E-80EB-ECDB0E1CA2D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:hive:0.13.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"39667946-AA1C-4CCF-B22F-431A24102A79\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:hive:0.14.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"83A48669-26C6-490D-9686-51A2BED1FB29\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:hive:1.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9EFCB996-0ED9-4FFC-BB76-8742306D47B9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:hive:1.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"650C90FA-1D6C-4015-A92B-9852D6CEA2F7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:hive:1.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0139B115-DD15-4C84-ACA9-1F0426496288\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:hive:1.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7C363DD3-BB9E-4AE2-9C81-731043E80858\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:hive:1.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"472BB9D5-CE7A-4E14-A8F2-349AE2982B93\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:hive:1.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C4554B70-61AB-4E00-92EE-FFD462B2D953\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/98669\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/0851bcf85635385f94cdaa008053802d92b4aab0a3075e30ed171192%40%3Cdev.hive.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"http://www.securityfocus.com/bid/98669\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/0851bcf85635385f94cdaa008053802d92b4aab0a3075e30ed171192%40%3Cdev.hive.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.