Vulnerabilities > Apache > Hadoop > 2.0.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-03-23 | CVE-2014-0229 | Permissions, Privileges, and Access Controls vulnerability in multiple products Apache Hadoop 0.23.x before 0.23.11 and 2.x before 2.4.1, as used in Cloudera CDH 5.0.x before 5.0.2, do not check authorization for the (1) refreshNamenodes, (2) deleteBlockPool, and (3) shutdownDatanode HDFS admin commands, which allows remote authenticated users to cause a denial of service (DataNodes shutdown) or perform unnecessary operations by issuing a command. | 4.0 |
2014-01-24 | CVE-2013-2192 | Improper Authentication vulnerability in Apache Hadoop The RPC protocol implementation in Apache Hadoop 2.x before 2.0.6-alpha, 0.23.x before 0.23.9, and 1.x before 1.2.1, when the Kerberos security features are enabled, allows man-in-the-middle attackers to disable bidirectional authentication and obtain sensitive information by forcing a downgrade to simple authentication. | 3.2 |
2012-07-12 | CVE-2012-3376 | Cryptographic Issues vulnerability in Apache Hadoop 2.0.0 DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts. | 7.5 |