Message-ID: <CACO5Y4zUtzG38tkpQZDAeUdz-c69Gg4Q7fz2dLaT0ywdfWQYcA@mail.gmail.com>
Date: Tue, 25 Apr 2017 18:16:08 -0700
From: Chris Douglas <cdouglas@...che.org>
To: user@...oop.apache.org, 
	"common-dev@...oop.apache.org" <common-dev@...oop.apache.org>, 
	"general@...oop.apache.org" <general@...oop.apache.org>, "security@...che.org" <security@...che.org>, 
	full-disclosure@...ts.grok.org.uk, bugtraq <bugtraq@...urityfocus.com>, 
	oss-security@...ts.openwall.com, 
	"<security@...oop.apache.org>" <security@...oop.apache.org>
Subject: CVE-2017-3161: Apache Hadoop NameNode XSS vulnerability

CVE-2017-3161: Apache Hadoop NameNode XSS vulnerability

Severity: Important

Vendor: The Apache Software Foundation

Versions affected: Hadoop 2.6.x and earlier

Description:
The HDFS web UI is vulnerable to a cross-site scripting (XSS) attack
through an unescaped query parameter.

Mitigation:
Users of Apache Hadoop 2.6.x and earlier should upgrade to Hadoop
2.7.0 or later.

Credit:
This issue was discovered by Sunil Yadav.
