Support Questions

Find answers, ask questions, and share your expertise

Vulnerability assessment test

avatar
Explorer

Hi,

 

We ran Vulnerability assessment test and we could see some Vulnerabilities in cloudera. Have mentioned the description of the reported Vulnerabilities.

 

Vulnerability Detection Method
Details:dotProject Privilege Escalation Vulnerability
OID:1.3.6.1.4.1.25623.1.0.800565
Version used: $Revision: 2235 $
References
CVE: CVE-2008-6747
BID:29679
Other:
URL:http://en.securitylab.ru/nvd/378282.php
URL:http://xforce.iss.net/xforce/xfdb/43019

 

Kindly have a look and do suggest us on the same.

1 ACCEPTED SOLUTION

avatar
Explorer

Thanks cjervis.

 

I fixed that vulnerability issue.

 

Yes what you said is correct "dotproject" is not related to cloudera. but whene ever we tested the assessment that time we faced like dot project.

 

So, I gave the privileges for 25000 port which impala port. Throught this port only vulnerability raised because of Privilege Escalation vulnerability. Finally it's fixed.

 

Thanks for your responce cjervis.

View solution in original post

4 REPLIES 4

avatar
Explorer

Hi,

 

 

We ran Vulnerability assessment test and we could see some Vulnerabilities in cloudera. Have mentioned the description of the reported Vulnerabilities.

 

The host is installed with dotProject and is prone to Privilege Escalation vulnerability.
Vulnerability Detection Result
Vulnerability was detected according to the Vulnerability Detection Method.
Impact
Attackers can exploit this issue via specially crafted HTTP request to certain administrative
pages to gain administrative privileges on the a?ected system. Impact Level: Application

 

Vulnerability Detection Method
Details:dotProject Privilege Escalation Vulnerability
OID:1.3.6.1.4.1.25623.1.0.800565
Version used: $Revision: 2235 $
References
CVE: CVE-2008-6747
BID:29679
Other:
URL:http://en.securitylab.ru/nvd/378282.php
URL:http://xforce.iss.net/xforce/xfdb/43019

 

 

Kindly have a look and do suggest us on the same.

avatar
Community Manager

Sorry for the delay in response @steh, I was seeing what I could find out through my contacts. 

 

The response I received is that the CVE that is referred to applies to "dotProject" which is not Cloudera software. 

 

I hope this helps.


Cy Jervis, Manager, Community Program
Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.

avatar
Explorer

Thanks cjervis.

 

I fixed that vulnerability issue.

 

Yes what you said is correct "dotproject" is not related to cloudera. but whene ever we tested the assessment that time we faced like dot project.

 

So, I gave the privileges for 25000 port which impala port. Throught this port only vulnerability raised because of Privilege Escalation vulnerability. Finally it's fixed.

 

Thanks for your responce cjervis.

avatar
Community Manager

I'm happy to hear that you resolved the issue. Feel free to mark your last comment as the solution. 🙂


Cy Jervis, Manager, Community Program
Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.