Vulnerability Description
The HDFS web UI in Apache Hadoop before 2.7.0 is vulnerable to a cross-site scripting (XSS) attack through an unescaped query parameter.
CVSS Score
6.1
MEDIUM
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Hadoop | <= 2.6.5 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/98025 (Third Party Advisory, VDB Entry)
- https://lists.apache.org/thread.html/r127f75748fcabc63bc5a1bec6885753eb9b2bed803
- https://lists.apache.org/thread.html/r66de86b9a608c1da70b2d27d765c11ec88edf6e5dd
- https://s.apache.org/4MQm (Mailing List, Vendor Advisory)
FAQ
What is CVE-2017-3161?
CVE-2017-3161 is a vulnerability with a CVSS score of 6.1 (MEDIUM). The HDFS web UI in Apache Hadoop before 2.7.0 is vulnerable to a cross-site scripting (XSS) attack through an unescaped query parameter.
How severe is CVE-2017-3161?
CVE-2017-3161 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2017-3161?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Hadoop.