CVE-2015-1836
Summary
| CVE | CVE-2015-1836 |
|---|---|
| State | PUBLISHED |
| Assigner | redhat |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2015-12-21 11:59:01 UTC |
| Updated | 2026-05-06 22:30:45 UTC |
| Description | Apache HBase 0.98 before 0.98.12.1, 1.0 before 1.0.1.1, and 1.1 before 1.1.0.1, as used in IBM InfoSphere BigInsights 3.0, 3.0.0.1, and 3.0.0.2 and other products, uses incorrect ACLs for ZooKeeper coordination state, which allows remote attackers to cause a denial of service (daemon outage), obtain sensitive information, or modify data via unspecified client traffic. |
Risk And Classification
Primary CVSS: v3.0 7.3 HIGH from [email protected]
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Problem Types: CWE-284 | n/a
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.0 | [email protected] | Primary | 7.3 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
| 2.0 | [email protected] | Primary | 7.5 | | AV:N/AC:L/Au:N/C:P/I:P/A:P |
CVSS v3.0 Breakdown
| Metric | Value |
|---|---|
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | None |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality | Low |
| Integrity | Low |
| Availability | Low |
| Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
CVSS v2.0 Breakdown
| Metric | Value |
|---|---|
| Access Vector | Network |
| Access Complexity | Low |
| Authentication | None |
| Confidentiality | Partial |
| Integrity | Partial |
| Availability | Partial |
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Apache | Hbase | 0.98.0 | All | All | All |
| Application | Apache | Hbase | 0.98.1 | All | All | All |
| Application | Apache | Hbase | 0.98.10 | All | All | All |
| Application | Apache | Hbase | 0.98.10.1 | All | All | All |
| Application | Apache | Hbase | 0.98.11 | All | All | All |
| Application | Apache | Hbase | 0.98.12 | All | All | All |
| Application | Apache | Hbase | 0.98.2 | All | All | All |
| Application | Apache | Hbase | 0.98.3 | All | All | All |
| Application | Apache | Hbase | 0.98.4 | All | All | All |
| Application | Apache | Hbase | 0.98.5 | All | All | All |
| Application | Apache | Hbase | 0.98.6 | All | All | All |
| Application | Apache | Hbase | 0.98.6.1 | All | All | All |
| Application | Apache | Hbase | 0.98.7 | All | All | All |
| Application | Apache | Hbase | 0.98.8 | All | All | All |
| Application | Apache | Hbase | 0.98.9 | All | All | All |
| Application | Ibm | Infosphere Biginsights | 3.0.0.0 | All | All | All |
| Application | Ibm | Infosphere Biginsights | 3.0.0.1 | All | All | All |
| Application | Ibm | Infosphere Biginsights | 3.0.0.2 | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| CDH Issues | af854a3a-2127-422b-91ae-364da2661108 | www.cloudera.com | |
| IBM Security Bulletin: Infosphere BigInsights is affected by vulnerabilities in Apache HBase and Hive that could allow a remote attacker to gain unauthorized access to the system or authenticate with improper credentials (CVE-2015-1772, CVE-2015-1836). - United States | af854a3a-2127-422b-91ae-364da2661108 | www-01.ibm.com | Vendor Advisory |
| IBM InfoSphere BigInsights HBase/Hive Bugs Lets Remote Users Access the Target System - SecurityTracker | af854a3a-2127-422b-91ae-364da2661108 | www.securitytracker.com | |
| CVE-2015-1836: Apache HBase remote denial of service, information integrity, and information disclosure vulnerability | af854a3a-2127-422b-91ae-364da2661108 | mail-archives.apache.org | |
| CVE-2015-1836: Apache HBase remote denial of service, information integrity, and information disclosure vulnerability | MITRE | mail-archives.apache.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 983824 Java (maven) Security Update for org.apache.hbase:hbase (GHSA-p8xr-4v2c-rvgp)