Vulnerability Details : CVE-2017-3162
HDFS clients interact with a servlet on the DataNode to browse the HDFS namespace. The NameNode is provided as a query parameter that is not validated in Apache Hadoop before 2.7.0.
Vulnerability category: Input validation
Products affected by CVE-2017-3162
- cpe:2.3:a:apache:hadoop:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-3162
- Probability of exploitation activity in the next 30 days: 1.02%
- Percentile, the proportion of vulnerabilities that are scored at or less: ~75%
CVSS scores for CVE-2017-3162
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
7.3 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L | 3.9 | 3.4 | NIST | |
CWE ids for CVE-2017-3162
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-3162
- https://s.apache.org/k2ss
  CVE-2017-3162: Apache Hadoop DataNode web UI vulnerability (Vendor Advisory)
- http://www.securityfocus.com/bid/98017
  Apache Hadoop CVE-2017-3162 Input Validation Vulnerability (Third Party Advisory; VDB Entry)
- https://lists.apache.org/thread.html/r66de86b9a608c1da70b2d27d765c11ec88edf6e5dd6f379ab33e072a@%3Cuser.flink.apache.org%3E
  Re: owasp-dependency-check is flagging flink 1.13 for scala 2.12.7 - Apache Mail Archives
- https://lists.apache.org/thread.html/r127f75748fcabc63bc5a1bec6885753eb9b2bed803b6ed7bd46f965b@%3Cuser.hadoop.apache.org%3E
  Re: CVE-2017-3161 & CVE-2017-3162 | WhiteSource - Pony Mail