<p>Upgrade <code>org.apache.hive:hive-service</code> to version 1.0.1, 1.1.1 or higher.</p>

Improper Authentication Affecting org.apache.hive:hive-service package, versions [0.11.0, 1.0.1) [1.1.0, 1.1.1)

Snyk CVSS

Attack Complexity Low

Threat Intelligence

EPSS 0.22% (60^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-JAVA-ORGAPACHEHIVE-30640
published 22 May 2015
disclosed 22 May 2015
credit Thomas Rega

Report a new vulnerability Found a mistake?

Introduced: 22 May 2015

CVE-2015-1772 Open this link in a new tab CWE-287 Open this link in a new tab

How to fix?

Upgrade org.apache.hive:hive-service to version 1.0.1, 1.1.1 or higher.

Overview

org.apache.hive:hive-service is a package for reading, writing, and managing large datasets residing in distributed storage using SQL.

Affected versions of this package are vulnerable to Improper Authentication. The LDAP implementation in HiveServer2 mishandles simple unauthenticated and anonymous bind configurations, which allows remote attackers to bypass authentication via a crafted LDAP request.