CVE-2016-5001 is a vulnerability in Apache Hadoop
Published on August 30, 2017

This is an information disclosure vulnerability in Apache Hadoop before 2.6.4 and 2.7.x before 2.7.2 in the short-circuit reads feature of HDFS. A local user on an HDFS DataNode may be able to craft a block token that grants unauthorized read access to random files by guessing certain fields in the token.

NVD

Products Associated with CVE-2016-5001

Want to know whenever a new CVE is published for Apache Hadoop? stack.watch will email you.

Apache Hadoop

Affected Versions

Apache Software Foundation Apache Hadoop:

Version 2.1.0 to 2.6.3 is affected.
Version 2.7.0 to 2.7.1 is affected.

Exploit Probability

EPSS

0.12%

Percentile

30.62%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2016-5001 is a vulnerability in Apache HadoopPublished on August 30, 2017

Products Associated with CVE-2016-5001

Affected Versions

Exploit Probability

CVE-2016-5001 is a vulnerability in Apache Hadoop
Published on August 30, 2017