Apache Hive Authentication Vulnerability (CVE-2015-1772)

Apache Hive Authentication Vulnerability (CVE-2015-1772)
Apache Hive Authentication Vulnerability (CVE-2015-1772)

Release date:
Updated on:

Affected Systems:

Apache Group Hive 1.1.0
Apache Group Hive 0.11.0－1.0.0

Description:

CVE (CAN) ID: CVE-2015-1772

Apache Hive is a database software that facilitates query and management of large datasets on distributed storage devices.

Apache Hive 0.11.0-1.0.0, 1.1.0, LDAP is sometimes configured to allow unauthenticated binding. When HiveServer2 is configured to use LDAP Authentication mode, users without creden are allowed to pass authentication.

<* Source: Thomas Rega
*>

Suggestion:

Vendor patch:

Apache Group
------------
The vendor has released a patch to fix this security problem. Please download 1.0.1, 1.1.1, 1.2.0 at the vendor's homepage:

Http://hive.apache.org/

[Email protected] com % 3E "target =" _ blank "> http://mail-archives.us.apache.org/mod_mbox/www-announce/201505.mbox/##email protected] com % 3E

Hive programming guide PDF (Chinese Version)

Hadoop cluster-based Hive Installation

Differences between Hive internal tables and external tables

Hadoop + Hive + Map + reduce cluster installation and deployment

Install in Hive local standalone Mode

WordCount word statistics for Hive Learning

Hive operating architecture and configuration and deployment

Hive details: click here
Hive: click here

This article permanently updates the link address: