oss-sec mailing list archives
CVE-2017-3161: Apache Hadoop NameNode XSS vulnerability
From: Chris Douglas <cdouglas () apache org>
Date: Tue, 25 Apr 2017 18:16:08 -0700
CVE-2017-3161: Apache Hadoop NameNode XSS vulnerability

Severity: Important

Vendor: The Apache Software Foundation

Versions affected: Hadoop 2.6.x and earlier

Description:
The HDFS web UI is vulnerable to a cross-site scripting (XSS) attack through an unescaped query parameter.

Mitigation:
Users of Apache Hadoop 2.6.x and earlier should upgrade to Hadoop 2.7.0 or later.

Credit:
This issue was discovered by Sunil Yadav.