This script is Copyright (C) 2011-2014 Tenable Network Security, Inc.
The remote web server has a cross-site scripting vulnerability.
The version of Apache Hadoop running on the remote host has a cross-
site scripting vulnerability. This is due to a bug in Jetty, the
underlying web server. When Jetty displays a directory listing,
arbitrary text can be inserted into the page. This affects all
Hadoop components that use the Jetty web server.
A remote attacker could exploit this by tricking a user into making a
maliciously crafted request, resulting in the execution of arbitrary
It is likely this version of Hadoop has other security vulnerabilities,
though Nessus did not check for those issues.
See also :
Upgrade to Hadoop 0.20.203.0 or a later, stable version.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.7
Public Exploit Available : true