Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-3376


Vulnerability Score 7.5 7.5
CVE Id CVE-2012-3376
Last Modified 16 Jul 2012 12:00:00
Published 12 Jul 2012 03:55:06
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts.

Vulnerable Systems


  • Apache Hadoop 2.0.0


BID - 54358

BUGTRAQ - 20120706 [CVE-2012-3376] Apache Hadoop HDFS information disclosure vulnerability

Last Updated: 27 May 2016 10:51:38