Cross-Site Scripting Vulnerability in Apache Hadoop HDFS Web UI
CVE-2017-3161

6.1 MEDIUM

Key Information:

Vendor: Apache
CVE Published: 26 April 2017

What is CVE-2017-3161?

The HDFS web user interface in Apache Hadoop prior to version 2.7.0 is susceptible to cross-site scripting (XSS) attacks due to insufficient sanitization of query parameters. Attackers can exploit this flaw by crafting malicious requests, allowing them to execute arbitrary scripts in the user's browser context. This vulnerability can lead to unauthorized access and manipulation of user data, posing significant security risks if left unaddressed.

Affected Version(s)

Apache Hadoop 2.6.x and earlier

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
