Description
The Hadoop cluster web interface is publicly accessible. This is not recommended on production systems.
Remediation
It's recommended to restrict access to this web interface.
References
Raining Shells - Ambari "0-day"
Hadoop MapReduce Next Generation - Setting up a Single Node Cluster.
Related Vulnerabilities
MySQL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-8286)
ASP.NET WCF metadata enabled for behavior
Python Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-1015)
MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-4382)