Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA4eHItNHYyYy1ydmdw
High severity vulnerability that affects org.apache.hbase:hbase
Apache HBase 0.98 before 0.98.12.1, 1.0 before 1.0.1.1, and 1.1 before 1.1.0.1, as used in IBM InfoSphere BigInsights 3.0, 3.0.0.1, and 3.0.0.2 and other products, uses incorrect ACLs for ZooKeeper coordination state, which allows remote attackers to cause a denial of service (daemon outage), obtain sensitive information, or modify data via unspecified client traffic.
Permalink: https://github.com/advisories/GHSA-p8xr-4v2c-rvgpJSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA4eHItNHYyYy1ydmdw
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: about 6 years ago
Updated: almost 2 years ago
CVSS Score: 7.3
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Identifiers: GHSA-p8xr-4v2c-rvgp, CVE-2015-1836
References:
- https://nvd.nist.gov/vuln/detail/CVE-2015-1836
- https://github.com/advisories/GHSA-p8xr-4v2c-rvgp
- https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html
- http://mail-archives.apache.org/mod_mbox/www-announce/201505.mbox/%3CCA+RK=_CFiTfQ2d0V+kuJx_y5izmYccaKjXaJ3V72KK7tbOhbkg@mail.gmail.com%3E
- http://www-01.ibm.com/support/docview.wss?uid=swg21969546
- http://www.securitytracker.com/id/1034365
Affected Packages
maven:org.apache.hbase:hbase
Dependent packages: 186Dependent repositories: 4,583
Downloads:
Affected Version Ranges: >= 1.0.0, <= 1.0.1.0, >= 0.98, <= 0.98.12.0, = 1.1.0
Fixed in: 1.0.1.1, 0.98.12.1, 1.1.0.1
All affected versions: 0.98.1-0.1-hadoop1, 0.98.1-0.1-hadoop2, 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.1.0, 1.1.1, 1.1.2, 1.1.3, 1.1.4, 1.1.5, 1.1.6, 1.1.7, 1.1.8, 1.1.9, 1.1.10, 1.1.11, 1.1.12, 1.1.13, 1.2.0, 1.2.1, 1.2.2, 1.2.3, 1.2.4, 1.2.5, 1.2.6, 1.2.7, 1.2.8, 1.2.9, 1.2.10, 1.2.11, 1.2.12, 1.3.0, 1.3.1, 1.3.2, 1.3.3, 1.3.4, 1.3.5, 1.3.6, 1.4.0, 1.4.1, 1.4.2, 1.4.3, 1.4.4, 1.4.5, 1.4.6, 1.4.7, 1.4.8, 1.4.9, 1.4.10, 1.4.11, 1.4.12, 1.4.13, 1.4.14, 1.5.0, 1.6.0, 1.7.0, 1.7.1, 1.7.2, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.1.5, 2.1.6, 2.1.7, 2.1.8, 2.1.9, 2.1.10, 2.2.0, 2.2.1, 2.2.2, 2.2.3, 2.2.4, 2.2.5, 2.2.6, 2.2.7, 2.3.0, 2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.3.5, 2.3.6, 2.3.7, 2.4.0, 2.4.1, 2.4.2, 2.4.3, 2.4.4, 2.4.5, 2.4.6, 2.4.7, 2.4.8, 2.4.9, 2.4.10, 2.4.11, 2.4.12, 2.4.13, 2.4.14, 2.4.15, 2.4.16, 2.4.17, 2.4.18, 2.5.0, 2.5.1, 2.5.2, 2.5.3, 2.5.4, 2.5.5, 2.5.6, 2.5.7, 2.5.8, 2.5.9, 2.5.10, 2.6.0, 2.6.1
All unaffected versions: 0.90.0, 0.90.2, 0.90.3, 0.90.4, 0.90.5, 0.92.0, 0.92.1, 0.92.2, 0.94.0, 0.94.1, 0.94.2, 0.94.3, 0.94.4, 0.94.5, 0.94.6, 0.94.7, 0.94.9, 0.94.10, 0.94.11, 0.94.12, 0.94.13, 0.94.14, 0.94.15, 0.94.16, 0.94.17, 0.94.18, 0.94.19, 0.94.20, 0.94.21, 0.94.22, 0.94.23, 0.94.24, 0.94.25, 0.94.26, 0.94.27, 0.95.0, 0.99.0, 0.99.1, 0.99.2