CVE-2016-3086
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2016-3086
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
The YARN NodeManager in Apache Hadoop 2.6.x before 2.6.5 and 2.7.x before 2.7.3 can leak the password for credential store provider used by the NodeManager to YARN Applications.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Apache Hadoop 信息泄露漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Apache Hadoop是美国阿帕奇(Apache)软件基金会的一套开源的分布式系统基础架构,它能够对大量数据进行分布式处理,并具有高可靠性、高扩展性、高容错性等特点。 Apache Hadoop 2.6.5之前的2.6.x版本和2.7.3之前的2.7.x版本中的YARN NodeManager存在安全漏洞。远程攻击者可利用该漏洞获取密码。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Apache Software Foundation | Apache Hadoop | 2.6.0 to 2.6.4 | - |
II. Public POCs for CVE-2016-3086
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2016-3086
Please Login to view more intelligence information
IV. Related Vulnerabilities
Same product: Apache Hadoop
- CVE-2024-23454
Apache Hadoop: Temporary File Local Information Disclosure - CVE-2023-26031
Privilege escalation in Apache Hadoop Yarn container-executo - CVE-2021-25642
Apache Hadoop YARN remote code execution in ZKConfigurationS - CVE-2022-25168
Command injection in org.apache.hadoop.fs.FileUtil.unTarUsin - CVE-2021-33036
Apache Hadoop Privilege escalation vulnerability
Same vendor: Apache Software Foundation
- CVE-2026-39816
Apache NiFi: Missing Execute Code Required Permission on Tin - CVE-2026-25199
Apache CloudStack: Proxmox Extension Allows Unauthorized Cro - CVE-2026-25077
Apache CloudStack: Unauthenticated Command Injection in Dire - CVE-2025-69233
Apache CloudStack: Domain/account resources limits not honor - CVE-2025-66467
Apache CloudStack: MinIO policy remains intact on bucket del
V. Comments for CVE-2016-3086
No comments yet