Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Hadoop cluster web interface

Description

The Hadoop cluster web interface is publicly accessible. This is not recommended on production systems.

Remediation

It's recommended to restrict access to this web interface.

References

Raining Shells - Ambari "0-day"

Hadoop MapReduce Next Generation - Setting up a Single Node Cluster.

Related Vulnerabilities

Pyramid DebugToolbar enabled

TCExam Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2020-5743)

PostgreSQL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-15099)

WordPress 4.5.x Multiple Vulnerabilities (4.5 - 4.5.27)

MongoDb Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-6494)

Severity

Medium

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration