Apache · Apache Hbase · CVE-2013-2193
**Name of the Vulnerable Software and Affected Versions**
Apache HBase versions 0.92.x through 0.92.2
Apache HBase versions 0.94.x through 0.94.8
**Description**
The issue allows man-in-the-middle attackers to disable bidirectional authentication and obtain sensitive information via unspecified vectors when the Kerberos features are enabled.
**Recommendations**
For Apache HBase versions 0.92.x through 0.92.2, update to version 0.92.3 or later.
For Apache HBase versions 0.94.x through 0.94.8, update to version 0.94.9 or later.