Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list] 
Date: Tue, 25 Apr 2017 18:16:08 -0700
From: Chris Douglas <cdouglas@...che.org>
To: user@...oop.apache.org, 
	"common-dev@...oop.apache.org" <common-dev@...oop.apache.org>, 
	"general@...oop.apache.org" <general@...oop.apache.org>, "security@...che.org" <security@...che.org>, 
	full-disclosure@...ts.grok.org.uk, bugtraq <bugtraq@...urityfocus.com>, 
	oss-security@...ts.openwall.com, 
	"<security@...oop.apache.org>" <security@...oop.apache.org>
Subject: CVE-2017-3161: Apache Hadoop NameNode XSS vulnerability

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

CVE-2017-3161: Apache Hadoop NameNode XSS vulnerability

Severity: Important

Vendor: The Apache Software Foundation

Versions affected: Hadoop 2.6.x and earlier

Description:
The HDFS web UI is vulnerable to a cross-site scripting (XSS) attack
through an unescaped query parameter.

Mitigation:
Users of Apache Hadoop 2.6.x and earlier should upgrade to Hadoop
2.7.0 or later.

Credit:
This issue was discovered by Sunil Yadav.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJY//OZAAoJEPrQXCrFJpS4YEIP/RfhNS+MHoyc+Qgj2DXlw4NK
yH8RVh2Kg2qnIkl/gaNromzYuJn7EEgBuyeXCkEUax4F2G0zUuVEImxVNPlLGVp3
gvj4tAmpCQ6/JcaklI5p8C5LV1Qe17EnHXZ34eFKXTTej3NyE01o6D4mDYW9pmHG
8JGjZ1FtZpP3YTvqiDrSbXTsSx5bY9uJOaqPrkQAdmTOWRrtnKHF/nS39vrBRJCL
J/gEb3k8/UVco5gOtqFcWSXyNPgZofYCfaGgyWH2wauH8ngD6kEI5Yx1fX5CVDeU
Kpr+mJxNGNqICI8+L84tCuHMXO4Ie0ec4X87VzWX1Bf9FGMfAm8UKapsw69qCJrk
Pszul+d1Wq1gEcOUccbnEuMP0JfOuzer8GQ9FohCRUO26C6DFhN7sgMUFRUEJeia
ElTiolEh9jv+2NssmNkgZH8eK6fKrK5MZR8TankmOUiw++nxJjqCRP/D6aGuEkYR
g7zuS3KBK5G8EmLdT/DTRuakWIsKGDkVic0s/NMrYx+fV3DGUe/2hB4ejXfTHQnU
85fYiyR7l8F4YmVqmCf9fb1FYclJ/J/9QuBHw0X523EKUH+sePOFjBzdiF+Apazp
6I5iaPHlnNS50dCSksMs/hlu3GjcU5ZMm9xG+yBGYN8Ex5sEXKcqVuvw7n6Ju4OH
AZbRxaHoIU5p8U0S237o
=87hK
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.