Apache Hadoop Jetty XSS

This script is Copyright (C) 2011-2014 Tenable Network Security, Inc.

Synopsis :

The remote web server has a cross-site scripting vulnerability.

Description :

The version of Apache Hadoop running on the remote host has a cross-
site scripting vulnerability. This is due to a bug in Jetty, the
underlying web server. When Jetty displays a directory listing,
arbitrary text can be inserted into the page. This affects all
Hadoop components that use the Jetty web server.

A remote attacker could exploit this by tricking a user into making a
maliciously crafted request, resulting in the execution of arbitrary
script code.

It is likely this version of Hadoop has other security vulnerabilities,
though Nessus did not check for those issues.

See also :


Solution :

Upgrade to Hadoop or a later, stable version.

Risk factor :

Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.7
Public Exploit Available : true

Family: CGI abuses : XSS

Nessus Plugin ID: 55975 ()

Bugtraq ID: 34800

CVE ID: CVE-2009-1524

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now