CVE-2015-1772
First published: Mon Dec 21 2015(Updated: )
The LDAP implementation in HiveServer2 in Apache Hive before 1.0.1 and 1.1.x before 1.1.1, as used in IBM InfoSphere BigInsights 3.0, 3.0.0.1, and 3.0.0.2 and other products, mishandles simple unauthenticated and anonymous bind configurations, which allows remote attackers to bypass authentication via a crafted LDAP request.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM InfoSphere BigInsights | =3.0.0.0 | |
| IBM InfoSphere BigInsights | =3.0.0.1 | |
| IBM InfoSphere BigInsights | =3.0.0.2 | |
| Apache Hive | =1.0.0 | |
| Apache Hive | =1.1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://mail-archives.apache.org/mod_mbox/www-announce/201505.mbox/%3CCAOpgucy52yzNN1FaRcxwhZmx8ZtNRjmK6V0Bxk4svAD-R1q70Q@mail.gmail.com%3E
- http://www-01.ibm.com/support/docview.wss?uid=swg21969546
- http://www.securitytracker.com/id/1034365
- https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/tags
- agent/type
- agent/event
- agent/description
- agent/first-publish-date
- agent/softwarecombine
- vendor/ibm
- canonical/ibm infosphere biginsights
- version/ibm infosphere biginsights/3.0.0.0
- version/ibm infosphere biginsights/3.0.0.1
- version/ibm infosphere biginsights/3.0.0.2
- vendor/apache
- canonical/apache hive
- version/apache hive/1.0.0
- version/apache hive/1.1.0