CVE-2014-0229

MEDIUM

Apache Hadoop <0.23.11 & 2.x <2.4.1 - DoS

Description

Apache Hadoop 0.23.x before 0.23.11 and 2.x before 2.4.1, as used in Cloudera CDH 5.0.x before 5.0.2, do not check authorization for the (1) refreshNamenodes, (2) deleteBlockPool, and (3) shutdownDatanode HDFS admin commands, which allows remote authenticated users to cause a denial of service (DataNodes shutdown) or perform unnecessary operations by issuing a command.

References (1)

Core 1

Scores

CVSS v3 6.5
EPSS 0.0046
EPSS Percentile 64.4%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-264
Status published
Products (24)
apache/hadoop 0.23.0
apache/hadoop 0.23.1
apache/hadoop 0.23.3
apache/hadoop 0.23.4
apache/hadoop 0.23.5
apache/hadoop 0.23.6
apache/hadoop 0.23.7
apache/hadoop 0.23.8
apache/hadoop 0.23.9
apache/hadoop 0.23.10
... and 14 more
Published Mar 23, 2017
Tracked Since Feb 18, 2026