Lucene search

MitreCVE-2016-6605

HistoryApr 10, 2017 - 2:59 p.m.

CVE-2016-6605

2017-04-1014:59:00

CWE-284

mitre

web.nvd.nist.gov

cve-2016-6605

impala

cdh

bypass

setry authorization

remote attackers

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.5

Confidence

High

EPSS

0.003

Percentile

69.5%

JSON

Impala in CDH 5.2.0 through 5.7.2 and 5.8.0 allows remote attackers to bypass Setry authorization.

Affected configurations

Nvd

Node

clouderacdhMatch5.2.0

clouderacdhMatch5.2.1

clouderacdhMatch5.2.2

clouderacdhMatch5.2.3

clouderacdhMatch5.2.4

clouderacdhMatch5.2.5

clouderacdhMatch5.2.6

clouderacdhMatch5.3.0

clouderacdhMatch5.3.1

clouderacdhMatch5.3.2

clouderacdhMatch5.3.3

clouderacdhMatch5.3.4

clouderacdhMatch5.3.5

clouderacdhMatch5.3.6

clouderacdhMatch5.3.7

clouderacdhMatch5.3.8

clouderacdhMatch5.3.9

clouderacdhMatch5.3.10

clouderacdhMatch5.4.0

clouderacdhMatch5.4.1

clouderacdhMatch5.4.2

clouderacdhMatch5.4.3

clouderacdhMatch5.4.4

clouderacdhMatch5.4.5

clouderacdhMatch5.4.6

clouderacdhMatch5.4.7

clouderacdhMatch5.4.8

clouderacdhMatch5.4.9

clouderacdhMatch5.4.10

clouderacdhMatch5.4.11

clouderacdhMatch5.5.0

clouderacdhMatch5.5.1

clouderacdhMatch5.5.2

clouderacdhMatch5.5.3

clouderacdhMatch5.5.4

clouderacdhMatch5.5.5

clouderacdhMatch5.5.6

clouderacdhMatch5.6.0

clouderacdhMatch5.6.1

clouderacdhMatch5.7.0

clouderacdhMatch5.7.1

clouderacdhMatch5.7.2

clouderacdhMatch5.8.0

VendorProductVersionCPE
clouderacdh5.2.0cpe:2.3:a:cloudera:cdh:5.2.0:*:*:*:*:*:*:*
clouderacdh5.2.1cpe:2.3:a:cloudera:cdh:5.2.1:*:*:*:*:*:*:*
clouderacdh5.2.2cpe:2.3:a:cloudera:cdh:5.2.2:*:*:*:*:*:*:*
clouderacdh5.2.3cpe:2.3:a:cloudera:cdh:5.2.3:*:*:*:*:*:*:*
clouderacdh5.2.4cpe:2.3:a:cloudera:cdh:5.2.4:*:*:*:*:*:*:*
clouderacdh5.2.5cpe:2.3:a:cloudera:cdh:5.2.5:*:*:*:*:*:*:*
clouderacdh5.2.6cpe:2.3:a:cloudera:cdh:5.2.6:*:*:*:*:*:*:*
clouderacdh5.3.0cpe:2.3:a:cloudera:cdh:5.3.0:*:*:*:*:*:*:*
clouderacdh5.3.1cpe:2.3:a:cloudera:cdh:5.3.1:*:*:*:*:*:*:*
clouderacdh5.3.2cpe:2.3:a:cloudera:cdh:5.3.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cloudera	cdh	5.2.0	cpe:2.3:a:cloudera:cdh:5.2.0:::::::*
cloudera	cdh	5.2.1	cpe:2.3:a:cloudera:cdh:5.2.1:::::::*
cloudera	cdh	5.2.2	cpe:2.3:a:cloudera:cdh:5.2.2:::::::*
cloudera	cdh	5.2.3	cpe:2.3:a:cloudera:cdh:5.2.3:::::::*
cloudera	cdh	5.2.4	cpe:2.3:a:cloudera:cdh:5.2.4:::::::*
cloudera	cdh	5.2.5	cpe:2.3:a:cloudera:cdh:5.2.5:::::::*
cloudera	cdh	5.2.6	cpe:2.3:a:cloudera:cdh:5.2.6:::::::*
cloudera	cdh	5.3.0	cpe:2.3:a:cloudera:cdh:5.3.0:::::::*
cloudera	cdh	5.3.1	cpe:2.3:a:cloudera:cdh:5.3.1:::::::*
cloudera	cdh	5.3.2	cpe:2.3:a:cloudera:cdh:5.3.2:::::::*

Rows per page:

1-10 of 431

References

www.cloudera.com/documentation/other/security-bulletins/topics/csb_all_product_issues.html#tsb_174

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.5

Confidence

High

EPSS

0.003

Percentile

69.5%

JSON

Related for CVE-2016-6605