[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Apache Hadoop DataNode Missed Validation Vulnerability

Author
Sunil Yadav
Risk
[
Security Risk Medium
]
0day-ID
0day-ID-27683
Category
remote exploits
Date add
26-04-2017
Platform
multiple
CVE-2017-3162: Apache Hadoop DataNode web UI vulnerability

Severity: Important

Vendor: The Apache Software Foundation

Versions affected: Hadoop 2.6.x and earlier

Description:
HDFS clients interact with a servlet on the DataNode to browse the
HDFS namespace. The NameNode is provided as a query parameter that is
not validated.

Mitigation:
Users of Apache Hadoop 2.6.x and earlier should upgrade to Hadoop
2.7.0 or later.

Credit:
This issue was discovered by Sunil Yadav.

#  0day.today [2024-12-24]  #