Home > Vulnerability Database > WS-2016-7073

Mend.io Vulnerability Database

WS-2016-7073

Good to know:

Date: April 12, 2016

Http server in Apache Hadoop versions 2.2.0 to 2.7.7, 2.8.1 to 3.0.0-alpha1 are vulnerable to clickjacking by setting an X-Frame-Options response header in all content responses.

Language: Java

Severity Score

9.6

Related Resources (2)

Url: https://github.com/apache/hadoop/commit/042a3ae960883c263adc76f16d0ea3438d8b12be

Url: https://www.mend.io/vulnerability-database/WS-2016-7073

Severity Score

9.6

Weakness Type (CWE)

Improper Restriction of Rendered UI Layers or Frames

CWE-1021

Top Fix

Upgrade Version

Upgrade to version org.apache.servicemix.bundles:org.apache.servicemix.bundles.hadoop-client - 2.8.1_1

Learn More

CVSS v3.1

Base Score:	9.6
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

WS-2016-7073

Good to know:

Date: April 12, 2016

Language: Java

Severity Score

Related Resources (2)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?