CVE-2016-3083
Severity: high
CVSS v3: 7.5
CVSS v2: 5.0
VIR risk: 7.5
Description
org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service are vulnerable to Improper Certificate Validation.
Predictions
Exploit likelihood: 83%
Patch ETA: —
Heuristic predictions, AS-IS, for prioritization only.
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Maven | org.apache.hive:hive | <1.2.2 | 1.2.2 |
| Maven | org.apache.hive:hive | >=2.0.0,<2.0.1 | 2.0.1 |
| Maven | org.apache.hive:hive-service | <1.2.2 | 1.2.2 |
| Maven | org.apache.hive:hive-service | >=2.0.0,<2.0.1 | 2.0.1 |
| Maven | org.apache.hive:hive-exec | <1.2.2 | 1.2.2 |
| Maven | org.apache.hive:hive-exec | >=2.0.0,<2.0.1 | 2.0.1 |
References
- http://www.securityfocus.com/bid/98669
- https://lists.apache.org/thread.html/0851bcf85635385f94cdaa008053802d92b4aab0a3075e30ed171192%40%3Cdev.hive.apache.org%3E
- https://nvd.nist.gov/vuln/detail/CVE-2016-3083
- https://github.com/advisories/GHSA-gf2v-9hp6-44qg
- https://lists.apache.org/thread.html/0851bcf85635385f94cdaa008053802d92b4aab0a3075e30ed171192@%3Cdev.hive.apache.org%3E
CWEs
CWE-295