https://community.cloudera.com/t5/Archives-of-Support-Questions/Vulnerability-assessment-test/m-p/39449#M23892 <P>Thanks&nbsp;<SPAN class=""><A href="https://community.cloudera.com/t5/user/viewprofilepage/user-id/10253" target="_blank">cjervis</A>.</SPAN></P><P>&nbsp;</P><P><SPAN class="">I fixed that vulnerability issue.</SPAN></P><P>&nbsp;</P><P><SPAN class="">Yes what you said is correct "dotproject" is not related to cloudera. but whene ever we tested the assessment that time we faced like dot project.</SPAN></P><P>&nbsp;</P><P><SPAN class="">So, I gave the&nbsp;privileges for 25000 port which impala port. Throught this port only&nbsp;<SPAN>v</SPAN><SPAN>ulnerability raised because of&nbsp;<STRONG>Privilege Escalation vulnerability. </STRONG>Finally it's fixed.</SPAN></SPAN></P><P>&nbsp;</P><P><SPAN class=""><SPAN>Thanks for your responce&nbsp;<A href="https://community.cloudera.com/t5/user/viewprofilepage/user-id/10253" target="_blank">cjervis</A><SPAN>.</SPAN></SPAN></SPAN></P> Thu, 07 Apr 2016 12:32:45 GMT steh 2016-04-07T12:32:45Z https://community.cloudera.com/t5/Archives-of-Support-Questions/Vulnerability-assessment-test/m-p/39124#M23889 <P>Hi,</P> <P>&nbsp;</P> <P>We ran&nbsp;Vulnerability assessment test and we could see some <SPAN>Vulnerabilities in cloudera. Have mentioned the description of the reported&nbsp;Vulnerabilities.</SPAN></P> <P>&nbsp;</P> <P><STRONG>Vulnerability Detection Method</STRONG><BR /><STRONG>Details:dotProject Privilege Escalation Vulnerability</STRONG><BR /><STRONG>OID:1.3.6.1.4.1.25623.1.0.800565</STRONG><BR /><STRONG>Version used: $Revision: 2235 $</STRONG><BR /><STRONG>References</STRONG><BR /><STRONG>CVE: CVE-2008-6747</STRONG><BR /><STRONG>BID:29679</STRONG><BR /><STRONG>Other:</STRONG><BR /><STRONG>URL:<A href="http://en.securitylab.ru/nvd/378282.php" target="_blank">http://en.securitylab.ru/nvd/378282.php</A></STRONG><BR /><STRONG>URL:<A href="http://xforce.iss.net/xforce/xfdb/43019" target="_blank">http://xforce.iss.net/xforce/xfdb/43019</A></STRONG></P> <P>&nbsp;</P> <P><SPAN>Kindly have a look and do suggest us on the same.</SPAN></P> Tue, 08 Nov 2016 15:59:39 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/Vulnerability-assessment-test/m-p/39124#M23889 steh 2016-11-08T15:59:39Z https://community.cloudera.com/t5/Archives-of-Support-Questions/Vulnerability-assessment-test/m-p/39307#M23890 <P>Hi,</P><P>&nbsp;</P><P>&nbsp;</P><P>We ran&nbsp;Vulnerability assessment test and we could see some <SPAN>Vulnerabilities in cloudera. Have mentioned the description of the reported&nbsp;Vulnerabilities.</SPAN></P><P>&nbsp;</P><P><STRONG>The host is installed with dotProject and is prone to Privilege Escalation vulnerability.<BR />Vulnerability Detection Result<BR />Vulnerability was detected according to the Vulnerability Detection Method.<BR />Impact<BR />Attackers can exploit this issue via specially crafted HTTP request to certain administrative<BR />pages to gain administrative privileges on the a?ected system. Impact Level: Application</STRONG></P><P>&nbsp;</P><P><STRONG>Vulnerability Detection Method</STRONG><BR /><STRONG>Details:dotProject Privilege Escalation Vulnerability</STRONG><BR /><STRONG>OID:1.3.6.1.4.1.25623.1.0.800565</STRONG><BR /><STRONG>Version used: $Revision: 2235 $</STRONG><BR /><STRONG>References</STRONG><BR /><STRONG>CVE: CVE-2008-6747</STRONG><BR /><STRONG>BID:29679</STRONG><BR /><STRONG>Other:</STRONG><BR /><STRONG>URL:<A href="http://en.securitylab.ru/nvd/378282.php" target="_blank" rel="nofollow">http://en.securitylab.ru/nvd/378282.php</A></STRONG><BR /><STRONG>URL:<A href="http://xforce.iss.net/xforce/xfdb/43019" target="_blank" rel="nofollow">http://xforce.iss.net/xforce/xfdb/43019</A></STRONG></P><P>&nbsp;</P><P>&nbsp;</P><P><STRONG><SPAN>Kindly have a look and do suggest us on the same.</SPAN></STRONG></P> Mon, 04 Apr 2016 06:22:44 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/Vulnerability-assessment-test/m-p/39307#M23890 steh 2016-04-04T06:22:44Z https://community.cloudera.com/t5/Archives-of-Support-Questions/Vulnerability-assessment-test/m-p/39408#M23891 <P>Sorry for the delay in response&nbsp;<a href="https://community.cloudera.com/t5/user/viewprofilepage/user-id/10062">@steh</a>, I was seeing what I could find out through my contacts.&nbsp;</P> <P>&nbsp;</P> <P>The response I received is that the CVE that is referred to applies to "dotProject" which is not Cloudera software.&nbsp;</P> <P>&nbsp;</P> <P>I hope this helps.</P> Wed, 06 Apr 2016 16:27:39 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/Vulnerability-assessment-test/m-p/39408#M23891 cjervis 2016-04-06T16:27:39Z https://community.cloudera.com/t5/Archives-of-Support-Questions/Vulnerability-assessment-test/m-p/39449#M23892 <P>Thanks&nbsp;<SPAN class=""><A href="https://community.cloudera.com/t5/user/viewprofilepage/user-id/10253" target="_blank">cjervis</A>.</SPAN></P><P>&nbsp;</P><P><SPAN class="">I fixed that vulnerability issue.</SPAN></P><P>&nbsp;</P><P><SPAN class="">Yes what you said is correct "dotproject" is not related to cloudera. but whene ever we tested the assessment that time we faced like dot project.</SPAN></P><P>&nbsp;</P><P><SPAN class="">So, I gave the&nbsp;privileges for 25000 port which impala port. Throught this port only&nbsp;<SPAN>v</SPAN><SPAN>ulnerability raised because of&nbsp;<STRONG>Privilege Escalation vulnerability. </STRONG>Finally it's fixed.</SPAN></SPAN></P><P>&nbsp;</P><P><SPAN class=""><SPAN>Thanks for your responce&nbsp;<A href="https://community.cloudera.com/t5/user/viewprofilepage/user-id/10253" target="_blank">cjervis</A><SPAN>.</SPAN></SPAN></SPAN></P> Thu, 07 Apr 2016 12:32:45 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/Vulnerability-assessment-test/m-p/39449#M23892 steh 2016-04-07T12:32:45Z https://community.cloudera.com/t5/Archives-of-Support-Questions/Vulnerability-assessment-test/m-p/39450#M23893 <P>I'm happy to hear that you resolved the issue. Feel free to mark your last comment as the solution. <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> Thu, 07 Apr 2016 12:38:18 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/Vulnerability-assessment-test/m-p/39450#M23893 cjervis 2016-04-07T12:38:18Z