Vulnerability category: CGI
Vulnerability severity:
Vulnerability information
Apache Hadoop is an open-source software framework used for distributed storage and processing of big data sets using the MapReduce programming model.
Apache Hadoop versions prior to 2.7.0 contain the following vulnerabilities:
CVE-2017-3161: The HDFS web UI in Apache Hadoop is vulnerable to a cross-site scripting (XSS) attack through an unescaped query parameter.
CVE-2017-3162: HDFS clients interact with a servlet on the DataNode to browse the HDFS namespace. The NameNode is provided as a query parameter that is not validated in vulnerable Apache Hadoop versions.
Affected Versions:
Apache Hadoop 2.6.x and prior
QID Detection Logic:
This QID matches the versions of vulnerable Apache Hadoop installations by launching a hadoop version request.
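One way to run the same kind of version check locally, as an added example that is not part of the original advisory or the scanner's own logic: the script parses `hadoop version` output and flags anything older than 2.7.0. The function names and sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): decide from `hadoop version` output
# whether an install is older than 2.7.0, the fixed release named above.

# Print the numeric "X.Y.Z" from the first "Hadoop X.Y.Z[-suffix]" line.
hadoop_version_from_output() {
    printf '%s\n' "$1" | sed -n 's/^Hadoop \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Return 0 if older than 2.7.0, 1 if 2.7.0 or later, 2 if no version found.
# Assumption: vendor suffixes (e.g. "-cdh5.4.0") are ignored, so a vendor
# build carrying backported fixes is still reported and needs manual review.
is_vulnerable_hadoop() {
    ver=$(hadoop_version_from_output "$1")
    [ -n "$ver" ] || return 2
    major=${ver%%.*}
    rest=${ver#*.}
    if [ "$rest" = "$ver" ]; then minor=0; else minor=${rest%%.*}; fi
    [ -n "$minor" ] || minor=0
    if [ "$major" -lt 2 ]; then return 0; fi
    if [ "$major" -eq 2 ] && [ "$minor" -lt 7 ]; then return 0; fi
    return 1
}

# Print a one-line verdict for a captured `hadoop version` output.
classify_hadoop() {
    rc=0
    is_vulnerable_hadoop "$1" || rc=$?
    case $rc in
        0) echo "VULNERABLE: upgrade to 2.7.0 or later" ;;
        1) echo "OK: 2.7.0 or later" ;;
        *) echo "UNKNOWN: no Hadoop version line in output" ;;
    esac
}

# Constructed sample outputs; on a real host use:
#   classify_hadoop "$(hadoop version 2>&1)"
SAMPLE_OLD='Hadoop 2.6.5
Compiled with protoc 2.5.0'
SAMPLE_FIXED='Hadoop 2.7.0
Compiled with protoc 2.5.0'
SAMPLE_VENDOR='Hadoop 2.6.0-cdh5.4.0'

for sample in "$SAMPLE_OLD" "$SAMPLE_FIXED" "$SAMPLE_VENDOR" "command not found"; do
    classify_hadoop "$sample"
done
```

An `UNKNOWN` result means the command output had no version line, which should be treated as "not checked" rather than "not affected".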
Impact
Depending on the vulnerability being exploited, a remote attacker could pass malicious input or conduct cross-site scripting attacks against a targeted server.
Solution
Customers are advised to upgrade to Apache Hadoop 2.7.0 or later versions to remediate these vulnerabilities.
Patch:
Following are links for downloading patches to fix the vulnerabilities: