This script is Copyright (C) 2011-2014 Tenable Network Security, Inc.
The remote web server has a cross-site scripting vulnerability.
The version of Apache Hadoop running on the remote host has a cross-
site scripting vulnerability. This is due to a bug in Jetty, the
underlying web server. When Jetty displays a directory listing,
arbitrary text can be inserted into the page. This affects all
Hadoop components that use the Jetty web server.
A remote attacker could exploit this by tricking a user into making a
maliciously crafted request, resulting in the execution of arbitrary
It is likely this version of Hadoop has other security vulnerabilities,
though Nessus did not check for those issues.
See also :
Upgrade to Hadoop 0.20.203.0 or a later, stable version.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.7
Public Exploit Available : true
Family: CGI abuses : XSS
Nessus Plugin ID: 55975 ()
Bugtraq ID: 34800
CVE ID: CVE-2009-1524
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.