CVE-2017-3162

CWE-20Improper Input Validation6 documents5 sources
Severity
7.3HIGH
EPSS
1.9%
top 16.59%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apache HadoopApache Software Foundation Apache Hadoop
Timeline
PublishedApr 26
Latest updateMay 13

Description

HDFS clients interact with a servlet on the DataNode to browse the HDFS namespace. The NameNode is provided as a query parameter that is not validated in Apache Hadoop before 2.7.0.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:LExploitability: 3.9 | Impact: 3.4

Affected Packages3 packages

NVDapache/hadoop2.6.5
CVEListV5apache_software_foundation/apache_hadoop2.6.x and earlier

🔴Vulnerability Details

3
OSV
Improper Input Validation in Apache Hadoop2022-05-13
GHSA
Improper Input Validation in Apache Hadoop2022-05-13
CVEList
CVE-2017-3162: HDFS clients interact with a servlet on the DataNode to browse the HDFS namespace2017-04-26

💬Community

2
Bugzilla
CVE-2017-3161 CVE-2017-3162 hadoop: Multiple vulnerabilities [fedora-all]2017-05-05
Bugzilla
CVE-2017-3162 CVE-2017-3161 CVE-2017-7669 hadoop: Multiple vulnerabilities2017-05-05