Threat Finder

Threat ID
2775
Threat Date
06/12/2013
Threat Name
User impersonation vulnerability
CVE Reference
CVE-2012-1574
CCE Reference
CCE-NO-MATCH
Risk
High
Database Type
Hadoop
Category
Patchable Vulnerabilities
Versions
Hadoop versions 0.20.203.0, 0.20.204.0, 0.20.205.0, 1.0.0, 1.0.1, 0.23.0, 0.23.1
Summary
Vulnerability allows an authenticated malicious user to impersonate any other user on the cluster.
Overview
Vulnerability allows an authenticated malicious user to impersonate any other user on the cluster. Users who have enabled Hadoop's Kerberos/MapReduce security features are affected.
References
http://www.securityfocus.com/bid/52939
VMSKey
STIGID

Additional information including fix script information is available in the licensed versions of Application Security's DbProtect and AppDetectivePro solutions.

Powered by