CVE-2013-2193

Apache Hbase - Authentication Bypass

Title source: rule

Description

Apache HBase 0.92.x before 0.92.3 and 0.94.x before 0.94.9, when the Kerberos features are enabled, allows man-in-the-middle attackers to disable bidirectional authentication and obtain sensitive information via unspecified vectors.

References (3)

[Third Party Advisory, VDB Entry] http://osvdb.org/96615

[Various Sources] https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html

[Mailing List] http://seclists.org/fulldisclosure/2013/Aug/250

Scores

EPSS 0.0015

EPSS Percentile 36.1%

Classification

CWE

CWE-287

Status draft

Affected Products (13)

apache/hbase

Timeline

Published May 29, 2014

Tracked Since Feb 18, 2026