CVE-2016-3083

Severity Score

7.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Apache Hive (JDBC + HiveServer2) implements SSL for plain TCP and HTTP connections (it supports both transport modes). While validating the server's certificate during the connection setup, the client in Apache Hive before 1.2.2 and 2.0.x before 2.0.1 doesn't seem to be verifying the common name attribute of the certificate. In this way, if a JDBC client sends an SSL request to server abc.com, and the server responds with a valid certificate (certified by CA) but issued to xyz.com, the client will accept that as a valid certificate and the SSL handshake will go through.

Apache Hive (JDBC + HiveServer2) implementa SSL para conexiones planas TCP y HTTP (soporta ambos modos de transporte). Mientras se comprueba el certificado del servidor durante la configuración de la conexión, el cliente Apache Hive anterior a versión 1.2.2 y versiones 2.0.x anteriores a 2.0.1, no parece estar comprobando el atributo de nombre común del certificado. De este modo, si un cliente JDBC envía una petición SSL al servidor abc.com y el servidor responde con un certificado válido (certificado por CA) pero emitido a xyz.com, el cliente lo aceptará como certificado válido y el protocolo de enlace SSL pasará.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2016-03-10 CVE Reserved
2017-05-30 CVE Published
2023-11-08 EPSS Updated
2024-08-05 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-295: Improper Certificate Validation

CAPEC

References (2)

URL	Tag	Source
http://www.securityfocus.com/bid/98669	Vdb Entry
https://lists.apache.org/thread.html/0851bcf85635385f94cdaa008053802d92b4aab0a3075e30ed171192%40%3Cdev.hive.apache.org%3E	Mailing List

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Apache Search vendor "Apache"		Hive Search vendor "Apache" for product "Hive"				0.13.0 Search vendor "Apache" for product "Hive" and version "0.13.0"		-		Affected
Apache Search vendor "Apache"		Hive Search vendor "Apache" for product "Hive"				0.13.1 Search vendor "Apache" for product "Hive" and version "0.13.1"		-		Affected
Apache Search vendor "Apache"		Hive Search vendor "Apache" for product "Hive"				0.14.0 Search vendor "Apache" for product "Hive" and version "0.14.0"		-		Affected
Apache Search vendor "Apache"		Hive Search vendor "Apache" for product "Hive"				1.0.0 Search vendor "Apache" for product "Hive" and version "1.0.0"		-		Affected
Apache Search vendor "Apache"		Hive Search vendor "Apache" for product "Hive"				1.0.1 Search vendor "Apache" for product "Hive" and version "1.0.1"		-		Affected
Apache Search vendor "Apache"		Hive Search vendor "Apache" for product "Hive"				1.1.0 Search vendor "Apache" for product "Hive" and version "1.1.0"		-		Affected
Apache Search vendor "Apache"		Hive Search vendor "Apache" for product "Hive"				1.1.1 Search vendor "Apache" for product "Hive" and version "1.1.1"		-		Affected
Apache Search vendor "Apache"		Hive Search vendor "Apache" for product "Hive"				1.2.0 Search vendor "Apache" for product "Hive" and version "1.2.0"		-		Affected
Apache Search vendor "Apache"		Hive Search vendor "Apache" for product "Hive"				1.2.1 Search vendor "Apache" for product "Hive" and version "1.2.1"		-		Affected