CVE-2015-1836
First published: Mon Dec 21 2015(Updated: )
Apache HBase 0.98 before 0.98.12.1, 1.0 before 1.0.1.1, and 1.1 before 1.1.0.1, as used in IBM InfoSphere BigInsights 3.0, 3.0.0.1, and 3.0.0.2 and other products, uses incorrect ACLs for ZooKeeper coordination state, which allows remote attackers to cause a denial of service (daemon outage), obtain sensitive information, or modify data via unspecified client traffic.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM InfoSphere BigInsights | =3.0.0.0 | |
| IBM InfoSphere BigInsights | =3.0.0.1 | |
| IBM InfoSphere BigInsights | =3.0.0.2 | |
| Apache HBase | =0.98.0 | |
| Apache HBase | =0.98.1 | |
| Apache HBase | =0.98.2 | |
| Apache HBase | =0.98.3 | |
| Apache HBase | =0.98.4 | |
| Apache HBase | =0.98.5 | |
| Apache HBase | =0.98.6 | |
| Apache HBase | =0.98.6.1 | |
| Apache HBase | =0.98.7 | |
| Apache HBase | =0.98.8 | |
| Apache HBase | =0.98.9 | |
| Apache HBase | =0.98.10 | |
| Apache HBase | =0.98.10.1 | |
| Apache HBase | =0.98.11 | |
| Apache HBase | =0.98.12 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://mail-archives.apache.org/mod_mbox/www-announce/201505.mbox/%3CCA+RK=_CFiTfQ2d0V+kuJx_y5izmYccaKjXaJ3V72KK7tbOhbkg@mail.gmail.com%3E
- http://www-01.ibm.com/support/docview.wss?uid=swg21969546
- http://www.securitytracker.com/id/1034365
- https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html
Frequently Asked Questions
What is the severity of CVE-2015-1836?
CVE-2015-1836 has a medium severity rating due to its potential for causing denial of service.
How do I fix CVE-2015-1836?
To mitigate CVE-2015-1836, upgrade Apache HBase to version 0.98.12.1 or higher, 1.0.1.1 or higher, or 1.1.0.1 or higher.
What products are affected by CVE-2015-1836?
CVE-2015-1836 affects Apache HBase versions prior to 0.98.12.1, 1.0.1.1, and 1.1.0.1, as well as IBM InfoSphere BigInsights versions 3.0.0.0, 3.0.0.1, and 3.0.0.2.
What is the impact of CVE-2015-1836?
The impact of CVE-2015-1836 includes the possibility of denial of service that can lead to daemon outages.
Is CVE-2015-1836 related to authentication flaws?
CVE-2015-1836 is related to incorrect ACLs for ZooKeeper coordination state, which can be exploited by remote attackers.
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/nvd-index
- vendor/ibm
- canonical/ibm infosphere biginsights
- version/ibm infosphere biginsights/3.0.0.0
- version/ibm infosphere biginsights/3.0.0.1
- version/ibm infosphere biginsights/3.0.0.2
- vendor/apache
- canonical/apache hbase
- version/apache hbase/0.98.0
- version/apache hbase/0.98.1
- version/apache hbase/0.98.2
- version/apache hbase/0.98.3
- version/apache hbase/0.98.4
- version/apache hbase/0.98.5
- version/apache hbase/0.98.6
- version/apache hbase/0.98.6.1
- version/apache hbase/0.98.7
- version/apache hbase/0.98.8
- version/apache hbase/0.98.9
- version/apache hbase/0.98.10
- version/apache hbase/0.98.10.1
- version/apache hbase/0.98.11
- version/apache hbase/0.98.12