PT-2017-8326 · Apache · Apache Hive

Branden Crawford

Published: 2017-05-30 · Updated: 2019-03-14 · CVE-2016-3083

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Apache Hive versions prior to 1.2.2
Apache Hive versions 2.0.x prior to 2.0.1

Description

The issue arises during the validation of the server's certificate in the connection setup. The client fails to verify the common name attribute of the certificate. This allows a scenario where a JDBC client sending an SSL request to a server, for example, abc.com, will accept a valid certificate issued to a different domain, such as xyz.com, as long as it is certified by a CA. This compromises the security of the SSL handshake.

Recommendations

For Apache Hive versions prior to 1.2.2, update to version 1.2.2 or later to resolve the issue.
For Apache Hive versions 2.0.x prior to 2.0.1, update to version 2.0.1 or later to resolve the issue.
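
The class of flaw in the description, shown with the standard Java JSSE API as an added example (not Apache Hive's code and not a copy of its fix): a plain `SSLSocket` validates the certificate chain but does not compare the certificate's names with the requested host unless endpoint identification is enabled. The class and method names are hypothetical, and the host and port are supplied on the command line.

```java
import java.io.IOException;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

public class HostnameCheckDemo {

    // Weak form: the handshake validates the chain against the trust store,
    // but nothing ties the certificate to the host that was requested, so a
    // CA-issued certificate for xyz.com is accepted when connecting to abc.com.
    static SSLSocket connectChainOnly(String host, int port) throws IOException {
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        SSLSocket socket = (SSLSocket) factory.createSocket(host, port);
        socket.startHandshake();
        return socket;
    }

    // Corrected form: endpoint identification makes JSSE compare the requested
    // host with the certificate's subjectAltName / common name in the handshake.
    static SSLSocket connectVerified(String host, int port) throws IOException {
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        SSLSocket socket = (SSLSocket) factory.createSocket(host, port);
        SSLParameters params = socket.getSSLParameters();
        params.setEndpointIdentificationAlgorithm("HTTPS");
        socket.setSSLParameters(params);
        try {
            socket.startHandshake(); // SSLHandshakeException on a name mismatch
        } catch (IOException e) {
            socket.close();          // do not leak the socket on a failed check
            throw e;
        }
        return socket;
    }

    // Usage: java HostnameCheckDemo <host> <port>
    public static void main(String[] args) throws IOException {
        String host = args[0];
        int port = Integer.parseInt(args[1]);
        try (SSLSocket socket = connectVerified(host, port)) {
            System.out.println("Verified peer: " + socket.getSession().getPeerPrincipal());
        }
    }
}
```

Running it against an endpoint through a hostname that is not in the served certificate should fail in `connectVerified`, which is a quick way to confirm that a client build enforces the name check.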

Fix

Improper Certificate Validation


Weakness Enumeration

Related Identifiers

CVE-2016-3083
GHSA-GF2V-9HP6-44QG

Affected Products

Apache Hive