CVE-2017-3162

Published: Apr 26, 2017

Modified: Aug 5, 2024

PUBLISHED

Description

HDFS clients interact with a servlet on the DataNode to browse the HDFS namespace. The NameNode is provided as a query parameter that is not validated in Apache Hadoop before 2.7.0.

Vendor	Product	Versions
Apache Software Foundation	Apache Hadoop	affected `2.6.x and earlier`

References

98017

vdb-entry

x_refsource_BID

[hadoop-common-dev] 20170425 CVE-2017-3162: Apache Hadoop DataNode web UI vulnerability

mailing-list

x_refsource_MLIST

[hadoop-user] 20200604 Re: CVE-2017-3161 & CVE-2017-3162 | WhiteSource

mailing-list

x_refsource_MLIST

[flink-user] 20210703 Re: owasp-dependency-check is flagging flink 1.13 for scala 2.12.7

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2017-3162

Description

Affected Products

References