Cloudera Community
EY
user rank
New Contributor

Re: Critical vulnerability CVE-2014-0114 found in ...

by New Contributor in Support Questions
‎05-02-2024 08:12 AM
1 Kudo
‎05-02-2024 08:12 AM
1 Kudo
Hi @vaishaakb , thanks for your reply. 1. The Security tool is ITAG Struts Tanium but i am not sure of the version 2. Flagged CVE is CVE-2014-0014, and we doubt it's false positive reported since we checked for this CVE is for commons-beanutils.jar in Apache Struts. But security team requested us to confirm with Cloudera team on whether Apache Struts is used in the Cloudera Data Platform (CDP) 7.1.7 SP1 and CDP was vulnerable to CVE-2014-0114. 3. Full CDP version is : 7.1.7-1.cdh7.1.7.p1050.30900109 Could you please advise on this. Thanks. ... View more

Critical vulnerability CVE-2014-0114 found in CDP ...

by New Contributor in Support Questions
‎05-02-2024 04:13 AM
1 Kudo
‎05-02-2024 04:13 AM
1 Kudo
Hi Team, We got critical vulnerability CVE-2014-0014 found in CDP 7.1.7 SP1 commons-fileupload-1.3.3.jar, could you please check and confirm if Apache Struts is used in the Cloudera Data Platform (CDP) 7.1.7 SP1? Thanks. Path: ./jars/commons-fileupload-1.3.3.jar ./lib/atlas/extractors/lib/azure-adls/commons-fileupload-1.3.3.jar ./lib/atlas/extractors/lib/aws-s3/commons-fileupload-1.3.3.jar ./lib/atlas/server/webapp/atlas/WEB-INF/lib/commons-fileupload-1.3.3.jar ./lib/search/lib/commons-fileupload-1.3.3.jar ./lib/solr/server/solr-webapp/webapp/WEB-INF/lib/commons-fileupload-1.3.3.jar ./lib/hbase-solr/lib/commons-fileupload-1.3.3.jar ./lib/oozie/oozie-sharelib-yarn/lib/spark/commons-fileupload-1.3.3.jar ./lib/search/lib/search-crunch/commons-fileupload-1.3.3.jar ... View more
Contact Me
Online
Offline
Last Visited
‎05-16-2024 07:17 AM
Community Statistics
Member Since ‎05-02-2024 03:41 AM
Last Visited ‎05-16-2024 07:17 AM
Posts 2
Kudos received 2