Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.hive/hive-exec@1.0.1

Type maven

Namespace org.apache.hive

Name hive-exec

Version 1.0.1

Qualifiers

Subpath

Is_vulnerable false

Next_non_vulnerable_version 1.1.1

Latest_non_vulnerable_version 2.3.4

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-6ppt-m2fe-1uge

vulnerability_id VCID-6ppt-m2fe-1uge

summary

Improper Authentication
The LDAP implementation in HiveServer2 in Apache Hive before 1.0.1 and 1.1.x before 1.1.1, as used in IBM InfoSphere BigInsights 3.0, 3.0.0.1, and 3.0.0.2 and other products, mishandles simple unauthenticated and anonymous bind configurations, which allows remote attackers to bypass authentication via a crafted LDAP request.

references

reference_url	http://mail-archives.apache.org/mod_mbox/www-announce/201505.mbox/%3CCAOpgucy52yzNN1FaRcxwhZmx8ZtNRjmK6V0Bxk4svAD-R1q70Q@mail.gmail.com%3E
reference_id
reference_type
scores
url	http://mail-archives.apache.org/mod_mbox/www-announce/201505.mbox/%3CCAOpgucy52yzNN1FaRcxwhZmx8ZtNRjmK6V0Bxk4svAD-R1q70Q@mail.gmail.com%3E

reference_url	https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html
reference_id
reference_type
scores
url	https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html

reference_url	http://www-01.ibm.com/support/docview.wss?uid=swg21969546
reference_id
reference_type
scores
url	http://www-01.ibm.com/support/docview.wss?uid=swg21969546

reference_url	http://www.securitytracker.com/id/1034365
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1034365

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2015-1772
reference_id	CVE-2015-1772
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2015-1772

reference_url	https://github.com/advisories/GHSA-5gvm-hrw5-h6xf
reference_id	GHSA-5gvm-hrw5-h6xf
reference_type
scores
url	https://github.com/advisories/GHSA-5gvm-hrw5-h6xf

fixed_packages

url	pkg:maven/org.apache.hive/hive-exec@1.0.1
purl	pkg:maven/org.apache.hive/hive-exec@1.0.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive-exec@1.0.1

url	pkg:maven/org.apache.hive/hive-exec@1.1.1
purl	pkg:maven/org.apache.hive/hive-exec@1.1.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive-exec@1.1.1

aliases CVE-2015-1772, GHSA-5gvm-hrw5-h6xf

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6ppt-m2fe-1uge

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive-exec@1.0.1

Package Instance