CVE-2017-3161

Summary

The HDFS web UI in Apache Hadoop before 2.7.0 is vulnerable to a cross-site scripting (XSS) attack through an unescaped query parameter.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache Hadoop2.6.x and earlieraffected

Weaknesses

  • XSS

ADP Enrichment

CVE Program Container

Additional References

References