Netapp Snap Creator Framework vulnerabilities

CVE-2016-5710 [MEDIUM] CWE-1021 CVE-2016-5710: NetApp Snap Creator Framework before 4.3P1 allows remote authenticated users to conduct clickjacking NetApp Snap Creator Framework before 4.3P1 allows remote authenticated users to conduct clickjacking attacks via unspecified vectors.

CVE-2017-7657 [CRITICAL] CWE-444 CVE-2017-7657: In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default confi In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a smaller chunk size and content sent as chunk body

CVE-2016-5372 [MEDIUM] CWE-352 CVE-2016-5372: Cross-site request forgery (CSRF) vulnerability in NetApp Snap Creator Framework before 4.3.0P1 allo Cross-site request forgery (CSRF) vulnerability in NetApp Snap Creator Framework before 4.3.0P1 allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors.

CVE-2016-7172 [HIGH] CWE-200 CVE-2016-7172: NetApp Snap Creator Framework before 4.3.1 discloses sensitive information which could be viewed by NetApp Snap Creator Framework before 4.3.1 discloses sensitive information which could be viewed by an unauthorized user.