Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2017-5640

It was noticed that a malicious process impersonating an Impala daemon in Apache Impala (incubating) 2.7.0 to 2.8.0 could cause Impala daemons to skip authentication checks when Kerberos is enabled (but TLS is not). If the malicious server responds with 'COMPLETE' before the SASL handshake has completed, the client will consider the handshake as completed even though no exchange of credentials has happened.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.013
EPSS Ranking 78.8%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
Products affected by CVE-2017-5640
  • Apache » Impala » Version: 2.7.0
    cpe:2.3:a:apache:impala:2.7.0
  • Apache » Impala » Version: 2.8.0
    cpe:2.3:a:apache:impala:2.8.0


Products
Pricing
Contact Us

Shodan ® - All rights reserved