PT-2018-18390 · Apache · Apache Hbase
Publicado
2018-06-27
·
Atualizado
2018-10-18
·
CVE-2018-8025
CVSS v3.1
8.1
Alta
| Vetor | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
Apache HBase versions prior to 1.2.6.1
Apache HBase versions prior to 1.3.2.1
Apache HBase versions prior to 1.4.5
Apache HBase versions prior to 2.0.1
Description:
The issue affects the optional "Thrift 1" API server in Apache HBase when running over HTTP. A race-condition could lead to authenticated sessions being incorrectly applied to users. For example, one authenticated user might be considered a different user, or an unauthenticated user might be treated as an authenticated user.
Recommendations:
For versions prior to 1.2.6.1, update to version 1.2.6.1 or later.
For versions prior to 1.3.2.1, update to version 1.3.2.1 or later.
For versions prior to 1.4.5, update to version 1.4.5 or later.
For versions prior to 2.0.1, update to version 2.0.1 or later.
Correção
Race Condition
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Apache Hbase