CVE-2016-5001

This is an information disclosure vulnerability in Apache Hadoop before 2.6.4 and 2.7.x before 2.7.2 in the short-circuit reads feature of HDFS. A local user on an HDFS DataNode may be able to craft a block token that grants unauthorized read access to random files by guessing certain fields in the token.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:apache:hadoop:2.7.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:hadoop:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:hadoop:2.7.1:*:*:*:*:*:*:*

Information

Published : 2017-08-30 12:29

Updated : 2021-07-03 14:15


NVD link : CVE-2016-5001

Mitre link : CVE-2016-5001


JSON object : View

CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

Advertisement

dedicated server usa

Products Affected

apache

  • hadoop