CVE-2016-3083 Information
Description
Apache Hive (JDBC + HiveServer2) implements SSL for plain TCP and HTTP connections (it supports both transport modes). While validating the server’s certificate during connection setup, the client in Apache Hive before 1.2.2 and 2.0.x before 2.0.1 doesn’t seem to be verifying the common name attribute of the certificate. As a result, if a JDBC client sends an SSL request to server abc.com and the server responds with a valid certificate (certified by a CA) but issued to xyz.com, the client will accept it as a valid certificate and the SSL handshake will go through.
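The missing check, shown with plain JSSE as an added example (this is not Hive's code or its actual fix): a JSSE client socket validates the certificate chain, but it compares the certificate's name with the requested host only when an endpoint identification algorithm is set. The class and method names below are hypothetical.

```java
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import java.io.IOException;

// Hypothetical illustration class; not taken from Apache Hive.
public class HostnameCheckedTls {

    // Turn on RFC 2818 name matching: the certificate's subjectAltName (or CN)
    // must match the host the client asked for, in addition to chain validation.
    static SSLSocket requireHostnameMatch(SSLSocket socket) {
        SSLParameters params = socket.getSSLParameters();
        params.setEndpointIdentificationAlgorithm("HTTPS");
        socket.setSSLParameters(params);
        return socket;
    }

    // True when the socket will reject a certificate issued to a different host.
    static boolean checksHostname(SSLSocket socket) {
        return socket.getSSLParameters().getEndpointIdentificationAlgorithm() != null;
    }

    // Client connect with the check enabled before the handshake starts.
    // A CA-signed certificate for xyz.com presented by abc.com now fails with
    // SSLHandshakeException instead of completing the handshake.
    static SSLSocket connect(String host, int port) throws IOException {
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        SSLSocket socket = (SSLSocket) factory.createSocket(host, port);
        requireHostnameMatch(socket);
        socket.startHandshake();
        return socket;
    }

    // Offline demonstration on unconnected sockets: compares the setting of a
    // freshly created socket with one that has the check enabled.
    public static void main(String[] args) throws IOException {
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        try (SSLSocket plain = (SSLSocket) factory.createSocket();
             SSLSocket checked = requireHostnameMatch((SSLSocket) factory.createSocket())) {
            System.out.println("fresh socket checks hostname:    " + checksHostname(plain));
            System.out.println("hardened socket checks hostname: " + checksHostname(checked));
        }
    }
}
```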
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Reference
http://www.securityfocus.com/bid/98669
https://lists.apache.org/thread.html/0851bcf85635385f94cdaa008053802d92b4aab0a3075e30ed171192@%3Cdev.hive.apache.org%3E
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
Base Score
7.5
Base Severity
HIGH