CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2018-8025
https://notcve.org/view.php?id=CVE-2018-8025
27 Jun 2018 — CVE-2018-8025 describes an issue in Apache HBase that affects the optional "Thrift 1" API server when running over HTTP. There is a race-condition which could lead to authenticated sessions being incorrectly applied to users, e.g. one authenticated user would be considered a different user or an unauthenticated user would be treated as an authenticated user. https://issues.apache.org/jira/browse/HBASE-20664 implements a fix for this issue. It has been fixed in versions: 1.2.6.1, 1.3.2.1, 1.4.5, 2.0.1. CVE-2... • http://www.securityfocus.com/bid/104554 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.0EPSS: 0%CPEs: 13EXPL: 0CVE-2013-2193 – Apache HBase Man in the Middle
https://notcve.org/view.php?id=CVE-2013-2193
25 Aug 2013 — Apache HBase 0.92.x before 0.92.3 and 0.94.x before 0.94.9, when the Kerberos features are enabled, allows man-in-the-middle attackers to disable bidirectional authentication and obtain sensitive information via unspecified vectors. Apache HBase 0.92.x anterior a 0.92.3 y 0.94.x anterior a 0.94.9, cuando las funcionalidades Kerberos están habilitadas, permite a atacantes man-in-the-middle deshabilitar autenticación bidireccional y obtener información sensible a través de vectores no especificados. Apache HB... • http://osvdb.org/96615 • CWE-287: Improper Authentication •