CVE-2013-2192

The RPC protocol implementation in Apache Hadoop 2.x before 2.0.6-alpha, 0.23.x before 0.23.9, and 1.x before 1.2.1, when the Kerberos security features are enabled, allows man-in-the-middle attackers to disable bidirectional authentication and obtain sensitive information by forcing a downgrade to simple authentication.

| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 3.2 UNKNOWN | ADJACENT_NETWORK | HIGH | | AV:A/AC:H/Au:N/C:P/I:P/A:N |

EPSS Score percentile: Unknown

Affected Products (NVD)

| Vendor | Product | Version |
|---|---|---|
| apache | hadoop | 0.23.0 |
| apache | hadoop | 0.23.1 |
| apache | hadoop | 0.23.3 |
| apache | hadoop | 0.23.4 |
| apache | hadoop | 0.23.5 |
| apache | hadoop | 0.23.6 |
| apache | hadoop | 0.23.7 |
| apache | hadoop | 0.23.8 |
| apache | hadoop | 1.0.0 |
| apache | hadoop | 1.0.1 |
| apache | hadoop | 1.0.2 |
| apache | hadoop | 1.0.3 |
| apache | hadoop | 1.0.4 |
| apache | hadoop | 1.1.0 |
| apache | hadoop | 1.1.1 |
| apache | hadoop | 1.1.2 |
| apache | hadoop | 1.2.0 |
| apache | hadoop | 2.0.0:alpha |
| apache | hadoop | 2.0.1:alpha |
| apache | hadoop | 2.0.2:alpha |
| apache | hadoop | 2.0.3:alpha |
| apache | hadoop | 2.0.4:alpha |
| apache | hadoop | 2.0.5:alpha |

𝑥 = Vulnerable software versions