CVE-2018-11765 : What You Need to Know

Learn about CVE-2018-11765 affecting Apache Hadoop versions 3.0.0-alpha2 to 3.0.0, 2.9.0 to 2.9.2, and 2.8.0 to 2.8.5. Unauthorized access to servlets without authentication can lead to information disclosure.

Apache Hadoop versions 3.0.0-alpha2 to 3.0.0, 2.9.0 to 2.9.2, and 2.8.0 to 2.8.5 are affected by an information disclosure vulnerability that allows unauthorized access to certain servlets.

Understanding CVE-2018-11765

This CVE impacts Apache Hadoop, potentially leading to information disclosure.

What is CVE-2018-11765?

In the affected Apache Hadoop versions, users can reach certain servlets without authenticating when Kerberos authentication is enabled but SPNEGO over HTTP is not.

The Impact of CVE-2018-11765

The vulnerability allows unauthorized users to access specific servlets without requiring authentication, potentially leading to information disclosure.

Technical Details of CVE-2018-11765

Apache Hadoop versions 3.0.0-alpha2 to 3.0.0, 2.9.0 to 2.9.2, and 2.8.0 to 2.8.5 are affected.

Vulnerability Description

When Kerberos authentication is enabled but SPNEGO through HTTP is not, unauthorized users can access certain servlets without authentication.

Affected Systems and Versions

        Apache Hadoop 3.0.0-alpha2 to 3.0.0
        Apache Hadoop 2.9.0 to 2.9.2
        Apache Hadoop 2.8.0 to 2.8.5

Exploitation Mechanism

Because the affected servlets do not enforce authentication in this configuration, an unauthenticated user can request them directly and read whatever information they expose.

Mitigation and Prevention

Immediate Steps to Take:

        Disable access to affected servlets if not required.
        Implement SPNEGO through HTTP to enforce authentication.

Long-Term Security Practices:

        Regularly update Apache Hadoop to the latest secure versions.
        Monitor and restrict access to sensitive servlets.
        Conduct security audits to identify and address vulnerabilities.
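The following is an added audit example, not code from the page or from Apache Hadoop. It parses a core-site.xml and flags the CVE-2018-11765 precondition (Kerberos enabled for RPC while the HTTP endpoints still use "simple" authentication), using Hadoop's standard HTTP authentication property names; the sample configurations, realm and keytab path are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample: Kerberos is on for RPC, but nothing enables SPNEGO for HTTP.
WEAK_CORE_SITE = """<configuration>
  <property><name>hadoop.security.authentication</name><value>kerberos</value></property>
</configuration>"""

# Constructed sample: the same cluster with SPNEGO enforced on the HTTP servlets.
HARDENED_CORE_SITE = """<configuration>
  <property><name>hadoop.security.authentication</name><value>kerberos</value></property>
  <property><name>hadoop.http.filter.initializers</name>
    <value>org.apache.hadoop.security.AuthenticationFilterInitializer</value></property>
  <property><name>hadoop.http.authentication.type</name><value>kerberos</value></property>
  <property><name>hadoop.http.authentication.kerberos.principal</name>
    <value>HTTP/_HOST@EXAMPLE.COM</value></property>
  <property><name>hadoop.http.authentication.kerberos.keytab</name>
    <value>/etc/security/keytabs/spnego.service.keytab</value></property>
</configuration>"""

AUTH_FILTER = "org.apache.hadoop.security.AuthenticationFilterInitializer"


def parse_core_site(xml_text):
    """Return {name: value} for every <property> in a Hadoop site file."""
    props = {}
    for prop in ET.fromstring(xml_text).findall("property"):
        name = (prop.findtext("name") or "").strip()
        if name:
            props[name] = (prop.findtext("value") or "").strip()
    return props


def audit_http_auth(props):
    """Return findings; an empty list means HTTP auth matches the RPC setting."""
    findings = []
    if props.get("hadoop.security.authentication", "simple") != "kerberos":
        return findings  # not a Kerberized cluster, precondition absent
    if AUTH_FILTER not in props.get("hadoop.http.filter.initializers", ""):
        findings.append("hadoop.http.filter.initializers lacks " + AUTH_FILTER)
    http_auth = props.get("hadoop.http.authentication.type", "simple")
    if http_auth != "kerberos":
        findings.append("hadoop.http.authentication.type is %r, expected 'kerberos'"
                        % http_auth)
    else:  # SPNEGO is configured; make sure it can actually start
        for key in ("hadoop.http.authentication.kerberos.principal",
                    "hadoop.http.authentication.kerberos.keytab"):
            if not props.get(key):
                findings.append(key + " is not set")
    return findings
```

Run it against each node's core-site.xml; any finding on a Kerberized cluster means the web servlets are reachable without SPNEGO.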

Patching and Updates

Apply patches provided by Apache to address the vulnerability.
