2 matches found
Information Disclosure
hadoop-hdfs-client is vulnerable to information disclosure. The application allows authentication credentials to be sent over an insecure HTTP channel. An attacker who intercepts the network traffic can obtain the SPNEGO authorization header and gain access to the server...
Code injection
HDFS clients interact with a servlet on the DataNode to browse the HDFS namespace. The NameNode is provided as a query parameter that is not validated in Apache Hadoop before 2.7.0...