漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Apache Hive, Apache Spark, Apache Spark: CookieSigner exposes the correct signature when message verification fails
Vulnerability Description
Signing cookies is an application security feature that adds a digital signature to cookie data to verify its authenticity and integrity. The signature helps prevent malicious actors from modifying the cookie value, which can lead to security vulnerabilities and exploitation. Apache Hive’s service component accidentally exposes the signed cookie to the end user when there is a mismatch in signature between the current and expected cookie. Exposing the correct cookie signature can lead to further exploitation. The vulnerable CookieSigner logic was introduced in Apache Hive by HIVE-9710 (1.2.0) and in Apache Spark by SPARK-14987 (2.0.0). The affected components are the following: * org.apache.hive:hive-service * org.apache.spark:spark-hive-thriftserver_2.11 * org.apache.spark:spark-hive-thriftserver_2.12
CVSS Information
N/A
Vulnerability Type
通过错误消息导致的信息暴露
Vulnerability Title
Apache Hive和Apache Spark 安全漏洞
Vulnerability Description
Apache Hive和Apache Spark都是美国阿帕奇(Apache)基金会的产品。Apache Hive是一套基于Hadoop(分布式系统基础架构)的数据仓库软件。该软件提供了一个数据集成方法和一种高级的查询语言,以支持在Hadoop上进行大规模数据分析。Apache Spark是一款支持非循环数据流和内存计算的大规模数据处理引擎。 Apache Hive和Apache Spark存在安全漏洞,该漏洞源于当当前 Cookie 和预期 Cookie 的签名不匹配时,Apache Hive 的服务组
CVSS Information
N/A
Vulnerability Type
N/A