CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2015-1836

HIGH
7.3
CVSS Severity Score
EPSS Score0.1130%
EPSS Percentile12.98th
Published2015年12月21日
Last Modified2026年5月6日

Vulnerability Description

Apache HBase 0.98 before 0.98.12.1, 1.0 before 1.0.1.1, and 1.1 before 1.1.0.1, as used in IBM InfoSphere BigInsights 3.0, 3.0.0.1, and 3.0.0.2 and other products, uses incorrect ACLs for ZooKeeper coordination state, which allows remote attackers to cause a denial of service (daemon outage), obtain sensitive information, or modify data via unspecified client traffic.

Affected Platforms (CPE)

📦
Ibm

Infosphere Biginsights

= 3.0.0.0
📦
Ibm

Infosphere Biginsights

= 3.0.0.1
📦
Ibm

Infosphere Biginsights

= 3.0.0.2
📦
Apache

Hbase

= 0.98.0
📦
Apache

Hbase

= 0.98.1
📦
Apache

Hbase

= 0.98.2
📦
Apache

Hbase

= 0.98.3
📦
Apache

Hbase

= 0.98.4
📦
Apache

Hbase

= 0.98.5
📦
Apache

Hbase

= 0.98.6
📦
Apache

Hbase

= 0.98.6.1
📦
Apache

Hbase

= 0.98.7
📦
Apache

Hbase

= 0.98.8
📦
Apache

Hbase

= 0.98.9
📦
Apache

Hbase

= 0.98.10
📦
Apache

Hbase

= 0.98.10.1
📦
Apache

Hbase

= 0.98.11
📦
Apache

Hbase

= 0.98.12

References & Advisories

🔗 http://mail-archives.apache.org/mod_mbox/www-announce/201505.mbox/%3CCA+RK=_CFiTfQ2d0V+kuJx_y5izmYccaKjXaJ3V72KK7tbOhbkg%40mail.gmail.com%3E
🔗 http://www-01.ibm.com/support/docview.wss?uid=swg21969546
🔗 http://www.securitytracker.com/id/1034365
🔗 https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html
🔗 http://mail-archives.apache.org/mod_mbox/www-announce/201505.mbox/%3CCA+RK=_CFiTfQ2d0V+kuJx_y5izmYccaKjXaJ3V72KK7tbOhbkg%40mail.gmail.com%3E
🔗 http://www-01.ibm.com/support/docview.wss?uid=swg21969546
🔗 http://www.securitytracker.com/id/1034365
🔗 https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html

相關漏洞威脅

CVE-2015-19477.4

Untrusted search path vulnerability in IBM InfoSphere BigInsights 3.0, 3.0.0.1, 3.0.0.2, and 4.0, when a DB2 database is used, all...

CVE-2015-17727.3

The LDAP implementation in HiveServer2 in Apache Hive before 1.0.1 and 1.1.x before 1.1.1, as used in IBM InfoSphere BigInsights 3...

CVE-2014-47826.5

IBM InfoSphere BigInsights 2.1.2 allows remote authenticated users to discover SMTP server credentials via vectors related to the ...

CVE-2013-39936.5

IBM InfoSphere BigInsights before 2.1.0.3 allows remote authenticated users to bypass intended file and directory restrictions, or...