Input validation error in Hadoop - CVE-2017-15718

 


Published: January 24, 2018 / Updated: August 8, 2020


Vulnerability identifier: #VU37593
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2017-15718
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Apache Foundation
Affected software: Hadoop

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The YARN NodeManager in Apache Hadoop 2.7.3 and 2.7.4 can leak the password for the credential store provider used by the NodeManager to YARN Applications.


How to mitigate CVE-2017-15718

Install the update from the vendor's website.
