Support Questions

cjervis · ‎03-29-2016

Hi,

We ran Vulnerability assessment test and we could see some Vulnerabilities in cloudera. Have mentioned the description of the reported Vulnerabilities.

Vulnerability Detection Method
Details:dotProject Privilege Escalation Vulnerability
OID:1.3.6.1.4.1.25623.1.0.800565
Version used: $Revision: 2235 $
References
CVE: CVE-2008-6747
BID:29679
Other:
URL:http://en.securitylab.ru/nvd/378282.php
URL:http://xforce.iss.net/xforce/xfdb/43019

Kindly have a look and do suggest us on the same.

steh · ‎04-07-2016

Thanks cjervis.

I fixed that vulnerability issue.

Yes what you said is correct "dotproject" is not related to cloudera. but whene ever we tested the assessment that time we faced like dot project.

So, I gave the privileges for 25000 port which impala port. Throught this port only vulnerability raised because of Privilege Escalation vulnerability. Finally it's fixed.

Thanks for your responce cjervis.

View solution in original post

steh · ‎04-03-2016

Hi,

We ran Vulnerability assessment test and we could see some Vulnerabilities in cloudera. Have mentioned the description of the reported Vulnerabilities.

The host is installed with dotProject and is prone to Privilege Escalation vulnerability.
Vulnerability Detection Result
Vulnerability was detected according to the Vulnerability Detection Method.
Impact
Attackers can exploit this issue via specially crafted HTTP request to certain administrative
pages to gain administrative privileges on the a?ected system. Impact Level: Application

Vulnerability Detection Method
Details:dotProject Privilege Escalation Vulnerability
OID:1.3.6.1.4.1.25623.1.0.800565
Version used: $Revision: 2235 $
References
CVE: CVE-2008-6747
BID:29679
Other:
URL:http://en.securitylab.ru/nvd/378282.php
URL:http://xforce.iss.net/xforce/xfdb/43019

Kindly have a look and do suggest us on the same.

cjervis · ‎04-06-2016

Sorry for the delay in response @steh, I was seeing what I could find out through my contacts.

The response I received is that the CVE that is referred to applies to "dotProject" which is not Cloudera software.

I hope this helps.

Cy Jervis, Manager, Community Program
Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.

steh · ‎04-07-2016

Thanks cjervis.

I fixed that vulnerability issue.

Yes what you said is correct "dotproject" is not related to cloudera. but whene ever we tested the assessment that time we faced like dot project.

So, I gave the privileges for 25000 port which impala port. Throught this port only vulnerability raised because of Privilege Escalation vulnerability. Finally it's fixed.

Thanks for your responce cjervis.

cjervis · ‎04-07-2016

I'm happy to hear that you resolved the issue. Feel free to mark your last comment as the solution. 🙂

Cy Jervis, Manager, Community Program
Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.

Cloudera Community

Support Questions

Vulnerability assessment test

Spark Python Integration Test Result Exceptions

HDP Upgrade Best Practices - 1) Plan and Assess

Simple steps to test Hive JDBC connect

Vulnerability (Text4Shell) (CVE-2022-42889)

Kafka 2.3 Performance testing

Testing NiFi Expression Language with Groovy

How to test mysql JDBC connection through CLI

JMeter Setup for Hive Load Testing

Log4j Vulnerability

Assessing readiness for HDPCD