CVE-2015-1836
Summary
| CVE | CVE-2015-1836 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2015-12-21 11:59:00 UTC |
| Updated | 2023-11-07 02:24:00 UTC |
| Description | Apache HBase 0.98 before 0.98.12.1, 1.0 before 1.0.1.1, and 1.1 before 1.1.0.1, as used in IBM InfoSphere BigInsights 3.0, 3.0.0.1, and 3.0.0.2 and other products, uses incorrect ACLs for ZooKeeper coordination state, which allows remote attackers to cause a denial of service (daemon outage), obtain sensitive information, or modify data via unspecified client traffic. |
Risk And Classification
Problem Types: CWE-284
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Apache | HBase | 0.98.0 | All | All | All |
| Application | Apache | HBase | 0.98.1 | All | All | All |
| Application | Apache | HBase | 0.98.10 | All | All | All |
| Application | Apache | HBase | 0.98.10.1 | All | All | All |
| Application | Apache | HBase | 0.98.11 | All | All | All |
| Application | Apache | HBase | 0.98.12 | All | All | All |
| Application | Apache | HBase | 0.98.2 | All | All | All |
| Application | Apache | HBase | 0.98.3 | All | All | All |
| Application | Apache | HBase | 0.98.4 | All | All | All |
| Application | Apache | HBase | 0.98.5 | All | All | All |
| Application | Apache | HBase | 0.98.6 | All | All | All |
| Application | Apache | HBase | 0.98.6.1 | All | All | All |
| Application | Apache | HBase | 0.98.7 | All | All | All |
| Application | Apache | HBase | 0.98.8 | All | All | All |
| Application | Apache | HBase | 0.98.9 | All | All | All |
| Application | IBM | InfoSphere BigInsights | 3.0.0.0 | All | All | All |
| Application | IBM | InfoSphere BigInsights | 3.0.0.1 | All | All | All |
| Application | IBM | InfoSphere BigInsights | 3.0.0.2 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| IBM InfoSphere BigInsights HBase/Hive Bugs Lets Remote Users Access the Target System - SecurityTracker | SECTRACK | www.securitytracker.com | |
| CVE-2015-1836: Apache HBase remote denial of service, information integrity, and information disclosure vulnerability | | mail-archives.apache.org | |
| IBM Security Bulletin: Infosphere BigInsights is affected by vulnerabilities in Apache HBase and Hive that could allow a remote attacker to gain unauthorized access to the system or authenticate with improper credentials (CVE-2015-1772, CVE-2015-1836). - United States | CONFIRM | www-01.ibm.com | Vendor Advisory |
| CDH Issues | CONFIRM | www.cloudera.com | |
| CVE-2015-1836: Apache HBase remote denial of service, information integrity, and information disclosure vulnerability | MLIST | mail-archives.apache.org | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 983824 Java (maven) Security Update for org.apache.hbase:hbase (GHSA-p8xr-4v2c-rvgp)