Vulnerability in Apache Hadoop DataNode Web UI Affects Data Handling
CVE-2017-3162

7.3HIGH

Key Information:

Vendor
Apache
Status
Apache Hadoop
Vendor
CVE Published:
26 April 2017

Summary

The vulnerability in Apache Hadoop's DataNode web UI arises from a lack of validation for the NameNode query parameter. HDFS clients interacting with the servlet are exposed to potential security risks, as the arbitrary input can compromise the namespace browsing functionality. This flaw enables unauthorized users to obtain sensitive information about the Hadoop distributed file system, making it essential for users to update to the patched versions or implement protective measures.

Affected Version(s)

Apache Hadoop 2.6.x and earlier

References

http://www.securityfocus.com/bid/98017
vdb-entryx_refsource_BID
https://s.apache.org/k2ss
mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r127f75748fcabc63bc5...
mailing-listx_refsource_MLIST

CVSS V3.1

Score:
7.3
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.