Vulnerability category: CGI
Vulnerability severity:
Vulnerability information
Cloudera Hue (Hadoop User Experience) is an open-source Web Interface which supports Apache Hadoop and its ecosystem.
The vulnerability allows remote attackers to enumerate user accounts via a request to desktop/api/users/autocomplete. (CVE-2016-4947)
Cloudera Hue is also affected by multiple cross-site scripting (XSS) vulnerabilities, which allow remote attackers to inject arbitrary web script or HTML via the First name or Last name field in the HUE Users page. (CVE-2016-4946)
Affected Versions:
Cloudera Hue 3.9.0 and prior
Impact
Successful exploitation of the vulnerabilities allows remote attackers to enumerate user accounts via a request to desktop/api/users/autocomplete and to carry out XSS attacks.
Solution
Customers are advised to download the latest version of Cloudera Hue.
Patch:
Following are links for downloading patches to fix the vulnerabilities: