Incomplete Security Fix in Apache Hadoop 2.7.4 to 2.7.6 Allows Arbitrary Command Execution as Root User

Incomplete Security Fix in Apache Hadoop 2.7.4 to 2.7.6 Allows Arbitrary Command Execution as Root User

CVE-2018-11766 · HIGH Severity

AV:N/AC:L/AU:S/C:C/I:C/A:C

In Apache Hadoop 2.7.4 to 2.7.6, the security fix for CVE-2016-6811 is incomplete. A user who can escalate to yarn user can possibly run arbitrary commands as root user.

Learn more about our Cis Benchmark Audit For Apache Http Server.