CVE-2014-0229

Published: Mar 23, 2017Modified: May 13, 2026

6.5

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

Apache Hadoop 0.23.x before 0.23.11 and 2.x before 2.4.1, as used in Cloudera CDH 5.0.x before 5.0.2, do not check authorization for the (1) refreshNamenodes, (2) deleteBlockPool, and (3) shutdownDatanode HDFS admin commands, which allows remote authenticated users to cause a denial of service (DataNodes shutdown) or perform unnecessary operations by issuing a command.

Affected (25)

Products: Cloudera: Cdh · Apache: Hadoop

1 product

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Cloudera Cdh	Version 5.0.0
Cloudera Cdh	Version 5.0.0 beta2
Cloudera Cdh	Version 5.0.0 beta

Configuration B

22 vulnerable

Vulnerable Software	Affected Versions
Apache Hadoop	Version 0.23.0
Apache Hadoop	Version 0.23.10
Apache Hadoop	Version 0.23.1
Apache Hadoop	Version 0.23.3
Apache Hadoop	Version 0.23.4
Apache Hadoop	Version 0.23.5
Apache Hadoop	Version 0.23.6
Apache Hadoop	Version 0.23.7
Apache Hadoop	Version 0.23.8
Apache Hadoop	Version 0.23.9
Apache Hadoop	Version 2.0.0 alpha
Apache Hadoop	Version 2.0.1 alpha
Apache Hadoop	Version 2.0.2 alpha
Apache Hadoop	Version 2.0.3 alpha
Apache Hadoop	Version 2.0.4 alpha
Apache Hadoop	Version 2.0.5 alpha
Apache Hadoop	Version 2.0.6 alpha
Apache Hadoop	Version 2.1.0 beta
Apache Hadoop	Version 2.1.1 beta
Apache Hadoop	Version 2.2.0
Apache Hadoop	Version 2.3.0
Apache Hadoop	Version 2.4.0

Related CWEs

CWE-264

References (2)

https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html#concept_i1q_xvk_2r

Source: secalert@redhat.com

Vendor Advisory

https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html#concept_i1q_xvk_2r

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.