CVE-2016-5001
published 2017-08-30CVE-2016-5001: This is an information disclosure vulnerability in Apache Hadoop before 2.6.4 and 2.7.x before 2.7.2 in the short-circuit reads feature of HDFS. A local user…
medium5.5CVSS 3.0
AVLACLPRLUINSUCHINAN
This is an information disclosure vulnerability in Apache Hadoop before 2.6.4 and 2.7.x before 2.7.2 in the short-circuit reads feature of HDFS. A local user on an HDFS DataNode may be able to craft a block token that grants unauthorized read access to random files by guessing certain fields in the token.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | hadoop | <= 2.6.3 | — |
| apache | hadoop | — | — |
| apache | hadoop | — | — |
| apache_software_foundation | apache_hadoop | — | — |
| apache_software_foundation | apache_hadoop | — | — |