apache hbase CVE-2018-8025 is a vulnerability in Apache Hbase
Published on June 27, 2018

CVE-2018-8025 describes an issue in Apache HBase that affects the optional "Thrift 1" API server when running over HTTP. There is a race-condition which could lead to authenticated sessions being incorrectly applied to users, e.g. one authenticated user would be considered a different user or an unauthenticated user would be treated as an authenticated user. https://issues.apache.org/jira/browse/HBASE-20664 implements a fix for this issue. It has been fixed in versions: 1.2.6.1, 1.3.2.1, 1.4.5, 2.0.1.

NVD


Products Associated with CVE-2018-8025

Want to know whenever a new CVE is published for Apache Hbase? stack.watch will email you.

Apache Hbase
 

Affected Versions

Apache Software Foundation Apache HBase Version Apache Tomcat 1.x and 2.x, excluding 1.0.0 is affected by CVE-2018-8025

Exploit Probability

EPSS
0.64%
Percentile
70.11%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.