CVE-2015-4078
low
CVSS v3
3.1
CVSS v2
3.5
VIR risk
3.1
Description
Cloudera Navigator 2.2.x before 2.2.4 and 2.3.x before 2.3.3 include support for SSLv3 when configured to use SSL/TLS, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE).
Predictions
Exploit likelihood
42%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: cve@mitre.org — https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html#concept_o1q_wrm_js
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| cloudera | cloudera_manager | 5.3.0 | |
| cloudera | cloudera_manager | 5.3.1 | |
| cloudera | cloudera_manager | 5.3.2 | |
| cloudera | cloudera_manager | 5.3.3 | |
| cloudera | cloudera_manager | 5.4.0 | |
| cloudera | cloudera_manager | 5.4.1 | |
| cloudera | navigator | 2.2.0 | |
| cloudera | navigator | 2.2.1 | |
| cloudera | navigator | 2.2.2 | |
| cloudera | navigator | 2.2.3 | |
| cloudera | navigator | 2.3.0 | |
| cloudera | navigator | 2.3.1 | |
References
CWEs
CWE-200
Verify integrity in audit chain (admin only). AS-IS.