PT-2014-2571 · Apache · Apache Hadoop

Published: 2014-01-24 · Updated: 2022-05-17 · CVE-2013-2192

CVSS v2.0: 3.2 (Low)

Vector: AV:A/AC:H/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Apache Hadoop versions 1.x prior to 1.2.1
Apache Hadoop versions 0.23.x prior to 0.23.9
Apache Hadoop versions 2.x prior to 2.0.6-alpha

Description

The issue concerns the RPC protocol implementation in Apache Hadoop when Kerberos security features are enabled. It allows man-in-the-middle attackers to disable bidirectional authentication, forcing a downgrade to simple authentication and potentially obtaining sensitive information.

Recommendations

For Apache Hadoop versions 1.x prior to 1.2.1, update to version 1.2.1 or later.
For Apache Hadoop versions 0.23.x prior to 0.23.9, update to version 0.23.9 or later.
For Apache Hadoop versions 2.x prior to 2.0.6-alpha, update to version 2.0.6-alpha or later.

Fix

Improper Authentication

Weakness Enumeration

Related Identifiers

CVE-2013-2192
GHSA-PXV5-5VMP-3JJ4
RHSA-2014:0037

Affected Products

Apache Hadoop