BID:104554

Apache HBase CVE-2018-8025 Security Bypass Vulnerability

CVE-2018-8025 |

Info

Apache HBase CVE-2018-8025 Security Bypass Vulnerability

Bugtraq ID:	104554
Class:	Race Condition Error
CVE:	CVE-2018-8025
Remote:	Yes
Local:	No
Published:	Jun 22 2018 12:00AM
Updated:	Jun 22 2018 12:00AM
Credit:	The vendor reported this issue.
Vulnerable:	Apache HBase 2.0 Apache HBase 1.4.4 Apache HBase 1.4 Apache HBase 1.3 Apache HBase 1.2 Apache HBase 1.3.2.0 Apache HBase 1.2.6.0 Apache HBase 1.1.0.1 Apache HBase 1.1 Apache HBase 1.0.1.1

Not Vulnerable:	Apache HBase 2.0.1 Apache HBase 1.4.5 Apache HBase 1.2.6.1

Exploit / POC

Apache HBase CVE-2018-8025 Security Bypass Vulnerability

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Solution / Fix

Apache HBase CVE-2018-8025 Security Bypass Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

References

Apache HBase CVE-2018-8025 Security Bypass Vulnerability

References:

Apache Homepage (Apache)
CVE-2018-8025 on Apache (Seclists.org)
Variable shared across multiple threads (Apache)