CVE-2012-1574

CVSS v2.0 6.5 (Medium)

EPSS 0.21 % (59^th)

Affected Products 3

Advisories 1

The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.

Weaknesses

CWE-310: Cryptographic Issues

Related CVEs

CVE-2012-2230

CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2012-04-12 10:45:14
(12 years ago)
Updated Date: 2017-03-24 01:59:00
(7 years ago)

Affected Products

Apache

Hadoop

Cloudera

Configuration #1

		CPE23	From	Up To
	Apache Hadoop 0.20.203.0	cpe:2.3:a:apache:hadoop:0.20.203.0
	Apache Hadoop 0.20.204.0	cpe:2.3:a:apache:hadoop:0.20.204.0
	Apache Hadoop 0.20.205.0	cpe:2.3:a:apache:hadoop:0.20.205.0

Configuration #2

		CPE23	From	Up To
	Apache Hadoop 0.23.0	cpe:2.3:a:apache:hadoop:0.23.0
	Apache Hadoop 0.23.1	cpe:2.3:a:apache:hadoop:0.23.1
	Apache Hadoop 1.0.0	cpe:2.3:a:apache:hadoop:1.0.0
	Apache Hadoop 1.0.1	cpe:2.3:a:apache:hadoop:1.0.1

Configuration #3

		CPE23	From	Up To
	Cloudera Cdh Cdh3	cpe:2.3:a:cloudera:cloudera_cdh:cdh3
	Cloudera Cdh Cdh3 1	cpe:2.3:a:cloudera:cloudera_cdh:cdh3:1
	Cloudera Cdh Cdh3 2	cpe:2.3:a:cloudera:cloudera_cdh:cdh3:2
	Cloudera Hadoop 0.20-sbin	cpe:2.3:a:cloudera:hadoop:0.20-sbin
	Cloudera Hadoop 0.20.1+169	cpe:2.3:a:cloudera:hadoop:0.20.1\%2b169
	Cloudera Hadoop 0.20.2+923	cpe:2.3:a:cloudera:hadoop:0.20.2\%2b923