VYPR
Get started
← All advisories
Medium severity6.5NVD Advisory· Published Mar 23, 2017· Updated May 13, 2026

CVE-2014-0229

CVE-2014-0229

Description

Apache Hadoop 0.23.x before 0.23.11 and 2.x before 2.4.1, as used in Cloudera CDH 5.0.x before 5.0.2, do not check authorization for the (1) refreshNamenodes, (2) deleteBlockPool, and (3) shutdownDatanode HDFS admin commands, which allows remote authenticated users to cause a denial of service (DataNodes shutdown) or perform unnecessary operations by issuing a command.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.apache.hadoop:hadoop-commonMaven
>= 0.23.0, < 0.23.110.23.11
org.apache.hadoop:hadoop-commonMaven
>= 2.0.0, < 2.4.12.4.1

Affected products

25
  • Apache/Hadoop22 versions
    cpe:2.3:a:apache:hadoop:0.23.0:*:*:*:*:*:*:*+ 21 more
    • cpe:2.3:a:apache:hadoop:0.23.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:hadoop:0.23.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:hadoop:0.23.10:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:hadoop:0.23.3:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:hadoop:0.23.4:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:hadoop:0.23.5:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:hadoop:0.23.6:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:hadoop:0.23.7:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:hadoop:0.23.8:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:hadoop:0.23.9:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:hadoop:2.0.0:alpha:*:*:*:*:*:*
    • cpe:2.3:a:apache:hadoop:2.0.1:alpha:*:*:*:*:*:*
    • cpe:2.3:a:apache:hadoop:2.0.2:alpha:*:*:*:*:*:*
    • cpe:2.3:a:apache:hadoop:2.0.3:alpha:*:*:*:*:*:*
    • cpe:2.3:a:apache:hadoop:2.0.4:alpha:*:*:*:*:*:*
    • cpe:2.3:a:apache:hadoop:2.0.5:alpha:*:*:*:*:*:*
    • cpe:2.3:a:apache:hadoop:2.0.6:alpha:*:*:*:*:*:*
    • cpe:2.3:a:apache:hadoop:2.1.0:beta:*:*:*:*:*:*
    • cpe:2.3:a:apache:hadoop:2.1.1:beta:*:*:*:*:*:*
    • cpe:2.3:a:apache:hadoop:2.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:hadoop:2.3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:hadoop:2.4.0:*:*:*:*:*:*:*
  • Cloudera/Cdh3 versions
    cpe:2.3:a:cloudera:cdh:5.0.0:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:cloudera:cdh:5.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:cloudera:cdh:5.0.0:beta:*:*:*:*:*:*
    • cpe:2.3:a:cloudera:cdh:5.0.0:beta2:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

3

News mentions

0

No linked articles in our index yet.