CVE-2014-0229

MEDIUM

Apache Hadoop 0.23.x <0.23.11 & 2.x <2.4.1 - DoS

Title source: llm

Description

Apache Hadoop 0.23.x before 0.23.11 and 2.x before 2.4.1, as used in Cloudera CDH 5.0.x before 5.0.2, do not check authorization for the (1) refreshNamenodes, (2) deleteBlockPool, and (3) shutdownDatanode HDFS admin commands, which allows remote authenticated users to cause a denial of service (DataNodes shutdown) or perform unnecessary operations by issuing a command.

Scores

CVSS v3 6.5
EPSS 0.0037
EPSS Percentile 58.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Classification

CWE
CWE-264
Status published

Affected Products (27)

cloudera/cdh (3 entries)
apache/hadoop (12 entries)
... and 12 more

Timeline

Published Mar 23, 2017
Tracked Since Feb 18, 2026