Back to search
CVE-2017-3161
Published: Apr 26, 2017
Modified: Aug 5, 2024
PUBLISHED
Description
The HDFS web UI in Apache Hadoop before 2.7.0 is vulnerable to a cross-site scripting (XSS) attack through an unescaped query parameter.
| Vendor | Product | Versions |
|---|---|---|
Apache Software Foundation | Apache Hadoop | affected 2.6.x and earlier |
References
98025
vdb-entry
x_refsource_BID
[hadoop-common-dev] 20170425 CVE-2017-3161: Apache Hadoop NameNode XSS vulnerability
mailing-list
x_refsource_MLIST
[hadoop-user] 20200604 Re: CVE-2017-3161 & CVE-2017-3162 | WhiteSource
mailing-list
x_refsource_MLIST
[flink-user] 20210703 Re: owasp-dependency-check is flagging flink 1.13 for scala 2.12.7
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now