CVE-2015-1836
High severity vulnerability that affects org.apache.hbase:hbase
Severity: 7.3 HIGH (CVSS 3.1), EPSS 2.1%
Description
Apache HBase 0.98 before 0.98.12.1, 1.0 before 1.0.1.1, and 1.1 before 1.1.0.1, as used in IBM InfoSphere BigInsights 3.0, 3.0.0.1, and 3.0.0.2 and other products, uses incorrect ACLs for ZooKeeper coordination state, which allows remote attackers to cause a denial of service (daemon outage), obtain sensitive information, or modify data via unspecified client traffic.
How to fix CVE-2015-1836
To remediate CVE-2015-1836, upgrade the affected package to a fixed version below.
- Upgrade to 0.98.12.1 or later
Is CVE-2015-1836 being exploited?
Low — EPSS is 2.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- org.apache.hbase:hbase: >= 0.98, < 0.98.12.1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
References (6)
- ADVISORY: github.com/advisories/GHSA-p8xr-4v2c-rvgp
- ADVISORY: nvd.nist.gov/vuln/detail/CVE-2015-1836
- WEB: mail-archives.apache.org/mod_mbox/www-announce/201505.mbox/%3CCA+RK=_CFiTfQ2d0V+kuJx_y5izmYccaKjXaJ3V72KK7tbOhbkg@mail.gmail.com%3E
- WEB: www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html