Vulnerabilites related to Apache - Storm
CVE-2018-8008 (GCVE-0-2018-8008)
Vulnerability from cvelistv5
Published
2018-06-05 19:00
Modified
2024-09-16 16:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Arbitrary File Write
Summary
Apache Storm version 1.0.6 and earlier, 1.2.1 and earlier, and version 1.1.2 and earlier expose an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, 7z), that holds path traversal filenames. So when the filename gets concatenated to the target extraction directory, the final path ends up outside of the target folder.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Storm |
Version: Apache Storm 1.0.6 and earlier, 1.2.1 and earlier, and version 1.1.2 and earlier |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:46:11.451Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/613b2fca8bcd0a3b12c0b763ea8f7cf62e422e9f79fce6cfa5b08a58%40%3Cdev.storm.apache.org%3E"
},
{
"name": "104418",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104418"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Storm",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "Apache Storm 1.0.6 and earlier, 1.2.1 and earlier, and version 1.1.2 and earlier"
}
]
}
],
"datePublic": "2018-06-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Apache Storm version 1.0.6 and earlier, 1.2.1 and earlier, and version 1.1.2 and earlier expose an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, 7z), that holds path traversal filenames. So when the filename gets concatenated to the target extraction directory, the final path ends up outside of the target folder."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary File Write",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-09T09:57:02",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://lists.apache.org/thread.html/613b2fca8bcd0a3b12c0b763ea8f7cf62e422e9f79fce6cfa5b08a58%40%3Cdev.storm.apache.org%3E"
},
{
"name": "104418",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104418"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"DATE_PUBLIC": "2018-06-05T00:00:00",
"ID": "CVE-2018-8008",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Storm",
"version": {
"version_data": [
{
"version_value": "Apache Storm 1.0.6 and earlier, 1.2.1 and earlier, and version 1.1.2 and earlier"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache Storm version 1.0.6 and earlier, 1.2.1 and earlier, and version 1.1.2 and earlier expose an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, 7z), that holds path traversal filenames. So when the filename gets concatenated to the target extraction directory, the final path ends up outside of the target folder."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary File Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.apache.org/thread.html/613b2fca8bcd0a3b12c0b763ea8f7cf62e422e9f79fce6cfa5b08a58@%3Cdev.storm.apache.org%3E",
"refsource": "CONFIRM",
"url": "https://lists.apache.org/thread.html/613b2fca8bcd0a3b12c0b763ea8f7cf62e422e9f79fce6cfa5b08a58@%3Cdev.storm.apache.org%3E"
},
{
"name": "104418",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104418"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2018-8008",
"datePublished": "2018-06-05T19:00:00Z",
"dateReserved": "2018-03-09T00:00:00",
"dateUpdated": "2024-09-16T16:38:31.346Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-11779 (GCVE-0-2018-11779)
Vulnerability from cvelistv5
Published
2019-07-25 23:23
Modified
2024-08-05 08:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-502 - Deserialization of Untrusted Data
Summary
In Apache Storm versions 1.1.0 to 1.2.2, when the user is using the storm-kafka-client or storm-kafka modules, it is possible to cause the Storm UI daemon to deserialize user provided bytes into a Java class.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:17:09.126Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[storm-user] 20190724 [CVE-2018-11779] Apache Storm UI Java deserialization vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/3e4f704c4bd9296405a07a0290b8cbb6cbf5046e277efe6d93280a98%40%3Cuser.storm.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Storm",
"vendor": "Apache",
"versions": [
{
"status": "affected",
"version": "1.1.0 to 1.2.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Apache Storm versions 1.1.0 to 1.2.2, when the user is using the storm-kafka-client or storm-kafka modules, it is possible to cause the Storm UI daemon to deserialize user provided bytes into a Java class."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502: Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-25T23:23:01",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"name": "[storm-user] 20190724 [CVE-2018-11779] Apache Storm UI Java deserialization vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/3e4f704c4bd9296405a07a0290b8cbb6cbf5046e277efe6d93280a98%40%3Cuser.storm.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2018-11779",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Storm",
"version": {
"version_data": [
{
"version_value": "1.1.0 to 1.2.2"
}
]
}
}
]
},
"vendor_name": "Apache"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Apache Storm versions 1.1.0 to 1.2.2, when the user is using the storm-kafka-client or storm-kafka modules, it is possible to cause the Storm UI daemon to deserialize user provided bytes into a Java class."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502: Deserialization of Untrusted Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[storm-user] 20190724 [CVE-2018-11779] Apache Storm UI Java deserialization vulnerability",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/3e4f704c4bd9296405a07a0290b8cbb6cbf5046e277efe6d93280a98@%3Cuser.storm.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2018-11779",
"datePublished": "2019-07-25T23:23:01",
"dateReserved": "2018-06-05T00:00:00",
"dateUpdated": "2024-08-05T08:17:09.126Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-43123 (GCVE-0-2023-43123)
Vulnerability from cvelistv5
Published
2023-11-23 09:16
Modified
2025-02-13 17:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Summary
On unix-like systems, the temporary directory is shared between all user. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure. Of note, this does not impact modern MacOS Operating Systems.
The method File.createTempFile on unix-like systems creates a file with predefined name (so easily identifiable) and by default will create this file with the permissions -rw-r--r--. Thus, if sensitive information is written to this file, other local users can read this information.
File.createTempFile(String, String) will create a temporary file in the system temporary directory if the 'java.io.tmpdir' system property is not explicitly set.
This affects the class https://github.com/apache/storm/blob/master/storm-core/src/jvm/org/apache/storm/utils/TopologySpoutLag.java#L99 and was introduced by https://issues.apache.org/jira/browse/STORM-3123
In practice, this has a very limited impact as this class is used only if ui.disable.spout.lag.monitoring
is set to false, but its value is true by default.
Moreover, the temporary file gets deleted soon after its creation.
The solution is to use Files.createTempFile https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/nio/file/Files.html#createTempFile(java.lang.String,java.lang.String,java.nio.file.attribute.FileAttribute...) instead.
We recommend that all users upgrade to the latest version of Apache Storm.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Storm |
Version: 2.0.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:37:23.396Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.apache.org/thread/88oc1vqfjtr29cz5xts0v2wm5pmhbm0l"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/11/23/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://repo.maven.apache.org/maven2",
"defaultStatus": "affected",
"packageName": "storm-core",
"product": "Apache Storm",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "2.6.0",
"status": "affected",
"version": "2.0.0",
"versionType": "maven"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Andrea Cosentino from Apache Software Foundation"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eOn unix-like systems, the temporary directory is shared between all user. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure. Of note, this does not impact modern MacOS Operating Systems.\u003cbr\u003e\u003cbr\u003eThe method File.createTempFile on unix-like systems creates a file with predefined name (so easily identifiable) and by default will create this file with the permissions -rw-r--r--. Thus, if sensitive information is written to this file, other local users can read this information.\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eFile.createTempFile(String, String) will create a temporary file in the system temporary directory if the \u0027java.io.tmpdir\u0027 system property is not explicitly set. \u003cbr\u003e\u003cbr\u003eThis affects the class\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/apache/storm/blob/master/storm-core/src/jvm/org/apache/storm/utils/TopologySpoutLag.java#L99\"\u003ehttps://github.com/apache/storm/blob/master/storm-core/src/jvm/org/apache/storm/utils/TopologySpoutLag.java#L99\u003c/a\u003e\u0026nbsp;and was introduced by\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://issues.apache.org/jira/browse/STORM-3123\"\u003ehttps://issues.apache.org/jira/browse/STORM-3123\u003c/a\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003eIn practice, this has a very limited impact as this class is used only if\u0026nbsp;\u003cspan style=\"background-color: rgb(206, 204, 247);\"\u003eui.disable.spout.lag.monitoring\u003c/span\u003e\u003c/div\u003e \u003cdiv\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eis set to false, but its value is true by default.\u003cbr\u003eMoreover, the temporary file gets deleted soon after its creation.\u003cbr\u003e\u003cbr\u003eThe solution is to use\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: var(--hig);\"\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/nio/file/Files.html#createTempFile(java.lang.String,java.lang.String,java.nio.file.attribute.FileAttribute...)\"\u003eFiles.createTempFile\u003c/a\u003e\u003c/span\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e\u0026nbsp;instead.\u003cbr\u003e\u003cbr\u003eWe recommend that all users upgrade to the latest version of Apache Storm.\u003c/span\u003e\u003c/div\u003e\u003cdiv\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e\u003cbr\u003e\u003c/span\u003e\u003c/div\u003e\u003cbr\u003e"
}
],
"value": "On unix-like systems, the temporary directory is shared between all user. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure. Of note, this does not impact modern MacOS Operating Systems.\n\nThe method File.createTempFile on unix-like systems creates a file with predefined name (so easily identifiable) and by default will create this file with the permissions -rw-r--r--. Thus, if sensitive information is written to this file, other local users can read this information.\n\nFile.createTempFile(String, String) will create a temporary file in the system temporary directory if the \u0027java.io.tmpdir\u0027 system property is not explicitly set. \n\nThis affects the class\u00a0 https://github.com/apache/storm/blob/master/storm-core/src/jvm/org/apache/storm/utils/TopologySpoutLag.java#L99 \u00a0and was introduced by\u00a0 https://issues.apache.org/jira/browse/STORM-3123 \n\nIn practice, this has a very limited impact as this class is used only if\u00a0ui.disable.spout.lag.monitoring\n\n is set to false, but its value is true by default.\nMoreover, the temporary file gets deleted soon after its creation.\n\nThe solution is to use\u00a0 Files.createTempFile https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/nio/file/Files.html#createTempFile(java.lang.String,java.lang.String,java.nio.file.attribute.FileAttribute...) \u00a0instead.\n\nWe recommend that all users upgrade to the latest version of Apache Storm."
}
],
"metrics": [
{
"other": {
"content": {
"text": "low"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-23T09:20:06.031Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/88oc1vqfjtr29cz5xts0v2wm5pmhbm0l"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/11/23/1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache Storm: Local Information Disclosure Vulnerability in Storm-core on Unix-Like systems due temporary files",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2023-43123",
"datePublished": "2023-11-23T09:16:34.705Z",
"dateReserved": "2023-09-18T11:00:41.170Z",
"dateUpdated": "2025-02-13T17:13:14.205Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-0202 (GCVE-0-2019-0202)
Vulnerability from cvelistv5
Published
2019-07-25 23:17
Modified
2024-08-04 17:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-200 - Information Exposure
Summary
The Apache Storm Logviewer daemon exposes HTTP-accessible endpoints to read/search log files on hosts running Storm. In Apache Storm versions 0.9.1-incubating to 1.2.2, it is possible to read files off the host's file system that were not intended to be accessible via these endpoints.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:44:14.845Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[storm-user] 20190724 [CVE-2019-0202] Apache Storm Logviewer file system access vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/220f1a77ff20749326a4c130446c5521db854da0afe81d1974b8109f%40%3Cuser.storm.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Storm",
"vendor": "Apache",
"versions": [
{
"status": "affected",
"version": "0.9.1-incubating to 1.2.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Apache Storm Logviewer daemon exposes HTTP-accessible endpoints to read/search log files on hosts running Storm. In Apache Storm versions 0.9.1-incubating to 1.2.2, it is possible to read files off the host\u0027s file system that were not intended to be accessible via these endpoints."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-25T23:17:23",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"name": "[storm-user] 20190724 [CVE-2019-0202] Apache Storm Logviewer file system access vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/220f1a77ff20749326a4c130446c5521db854da0afe81d1974b8109f%40%3Cuser.storm.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2019-0202",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Storm",
"version": {
"version_data": [
{
"version_value": "0.9.1-incubating to 1.2.2"
}
]
}
}
]
},
"vendor_name": "Apache"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Apache Storm Logviewer daemon exposes HTTP-accessible endpoints to read/search log files on hosts running Storm. In Apache Storm versions 0.9.1-incubating to 1.2.2, it is possible to read files off the host\u0027s file system that were not intended to be accessible via these endpoints."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[storm-user] 20190724 [CVE-2019-0202] Apache Storm Logviewer file system access vulnerability",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/220f1a77ff20749326a4c130446c5521db854da0afe81d1974b8109f@%3Cuser.storm.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2019-0202",
"datePublished": "2019-07-25T23:17:23",
"dateReserved": "2018-11-14T00:00:00",
"dateUpdated": "2024-08-04T17:44:14.845Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-3188 (GCVE-0-2015-3188)
Vulnerability from cvelistv5
Published
2017-01-13 15:00
Modified
2024-08-06 05:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The UI daemon in Apache Storm 0.10.0 before 0.10.0-beta1 allows remote attackers to execute arbitrary code via unspecified vectors.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:39:31.987Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1032695",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032695"
},
{
"name": "20150620 [CVE-2015-3188] Apache Storm remote code execution vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/535804/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/132417/Apache-Storm-0.10.0-beta-Code-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The UI daemon in Apache Storm 0.10.0 before 0.10.0-beta1 allows remote attackers to execute arbitrary code via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "1032695",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032695"
},
{
"name": "20150620 [CVE-2015-3188] Apache Storm remote code execution vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/535804/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/132417/Apache-Storm-0.10.0-beta-Code-Execution.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-3188",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The UI daemon in Apache Storm 0.10.0 before 0.10.0-beta1 allows remote attackers to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1032695",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032695"
},
{
"name": "20150620 [CVE-2015-3188] Apache Storm remote code execution vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/535804/100/0/threaded"
},
{
"name": "http://packetstormsecurity.com/files/132417/Apache-Storm-0.10.0-beta-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/132417/Apache-Storm-0.10.0-beta-Code-Execution.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-3188",
"datePublished": "2017-01-13T15:00:00",
"dateReserved": "2015-04-10T00:00:00",
"dateUpdated": "2024-08-06T05:39:31.987Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0115 (GCVE-0-2014-0115)
Vulnerability from cvelistv5
Published
2017-10-30 16:00
Modified
2024-08-06 09:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Directory traversal vulnerability in the log viewer in Apache Storm 0.9.0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to log.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:05:38.997Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[storm-dev] 20140429 [jira] [Commented] (STORM-269) Any readable file exposed via UI log viewer",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://mail-archives.apache.org/mod_mbox/storm-dev/201404.mbox/%3CJIRA.12704141.1395964296891.201561.1398799995645%40arcas%3E"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.apache.org/jira/browse/STORM-269"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-03-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the log viewer in Apache Storm 0.9.0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to log."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-30T15:57:02",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[storm-dev] 20140429 [jira] [Commented] (STORM-269) Any readable file exposed via UI log viewer",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://mail-archives.apache.org/mod_mbox/storm-dev/201404.mbox/%3CJIRA.12704141.1395964296891.201561.1398799995645%40arcas%3E"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.apache.org/jira/browse/STORM-269"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0115",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the log viewer in Apache Storm 0.9.0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to log."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[storm-dev] 20140429 [jira] [Commented] (STORM-269) Any readable file exposed via UI log viewer",
"refsource": "MLIST",
"url": "https://mail-archives.apache.org/mod_mbox/storm-dev/201404.mbox/%3CJIRA.12704141.1395964296891.201561.1398799995645@arcas%3E"
},
{
"name": "https://issues.apache.org/jira/browse/STORM-269",
"refsource": "CONFIRM",
"url": "https://issues.apache.org/jira/browse/STORM-269"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-0115",
"datePublished": "2017-10-30T16:00:00",
"dateReserved": "2013-12-03T00:00:00",
"dateUpdated": "2024-08-06T09:05:38.997Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-38294 (GCVE-0-2021-38294)
Vulnerability from cvelistv5
Published
2021-10-25 12:22
Modified
2024-08-04 01:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Summary
A Command Injection vulnerability exists in the getTopologyHistory service of the Apache Storm 2.x prior to 2.2.1 and Apache Storm 1.x prior to 1.2.4. A specially crafted thrift request to the Nimbus server allows Remote Code Execution (RCE) prior to authentication.
References
| ► | URL | Tags |
|---|---|---|
|
|
||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | Apache Software Foundation | Apache Storm |
Version: v1.0.0 < Apache Storm* |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:37:16.384Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r5fe881f6ca883908b7a0f005d35115af49f43beea7a8b0915e377859%40%3Cuser.storm.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://seclists.org/oss-sec/2021/q4/44"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/165019/Apache-Storm-Nimbus-2.2.0-Command-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Non-Windows"
],
"product": "Apache Storm",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "Apache Storm*",
"status": "affected",
"version": "v1.0.0",
"versionType": "custom"
}
]
},
{
"product": "Apache Storm",
"vendor": "Apache Software Foundation",
"versions": [
{
"changes": [
{
"at": "v2.1.1",
"status": "unaffected"
},
{
"at": "v2.2.1",
"status": "unaffected"
},
{
"at": "v2.3.0",
"status": "unaffected"
}
],
"lessThan": "v1.2.4",
"status": "affected",
"version": "Apache Storm",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Apache Storm would like to thank @pwntester Alvaro Mu\u00f1oz of the GitHub Security Lab team for reporting this issue."
}
],
"descriptions": [
{
"lang": "en",
"value": "A Command Injection vulnerability exists in the getTopologyHistory service of the Apache Storm 2.x prior to 2.2.1 and Apache Storm 1.x prior to 1.2.4. A specially crafted thrift request to the Nimbus server allows Remote Code Execution (RCE) prior to authentication."
}
],
"metrics": [
{
"other": {
"content": {
"other": "high"
},
"type": "unknown"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-19T18:06:14",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/r5fe881f6ca883908b7a0f005d35115af49f43beea7a8b0915e377859%40%3Cuser.storm.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://seclists.org/oss-sec/2021/q4/44"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/165019/Apache-Storm-Nimbus-2.2.0-Command-Execution.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Shell Command Injection Vulnerability in Nimbus Thrift Server",
"workarounds": [
{
"lang": "en",
"value": "Apache Storm 2.2.x users should upgrade to version 2.2.1 or 2.3.0\nApache Storm 2.1.x users should upgrade to version 2.1.1\nApache Storm 1.x users should upgrade to version 1.2.4"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2021-38294",
"STATE": "PUBLIC",
"TITLE": "Shell Command Injection Vulnerability in Nimbus Thrift Server"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Storm",
"version": {
"version_data": [
{
"platform": "Non-Windows",
"version_affected": "\u003e=",
"version_name": "Apache Storm",
"version_value": "v1.0.0"
},
{
"version_affected": "\u003c",
"version_name": "Apache Storm",
"version_value": "v1.2.4"
},
{
"version_affected": "\u003c",
"version_name": "Apache Storm",
"version_value": "v2.1.1"
},
{
"version_affected": "\u003c",
"version_name": "Apache Storm",
"version_value": "v2.2.1"
},
{
"version_affected": "\u003c",
"version_name": "Apache Storm",
"version_value": "v2.3.0"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Apache Storm would like to thank @pwntester Alvaro Mu\u00f1oz of the GitHub Security Lab team for reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Command Injection vulnerability exists in the getTopologyHistory service of the Apache Storm 2.x prior to 2.2.1 and Apache Storm 1.x prior to 1.2.4. A specially crafted thrift request to the Nimbus server allows Remote Code Execution (RCE) prior to authentication."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": [
{
"other": "high"
}
],
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.apache.org/thread.html/r5fe881f6ca883908b7a0f005d35115af49f43beea7a8b0915e377859%40%3Cuser.storm.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/r5fe881f6ca883908b7a0f005d35115af49f43beea7a8b0915e377859%40%3Cuser.storm.apache.org%3E"
},
{
"name": "https://seclists.org/oss-sec/2021/q4/44",
"refsource": "MISC",
"url": "https://seclists.org/oss-sec/2021/q4/44"
},
{
"name": "http://packetstormsecurity.com/files/165019/Apache-Storm-Nimbus-2.2.0-Command-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/165019/Apache-Storm-Nimbus-2.2.0-Command-Execution.html"
}
]
},
"source": {
"discovery": "UNKNOWN"
},
"work_around": [
{
"lang": "en",
"value": "Apache Storm 2.2.x users should upgrade to version 2.2.1 or 2.3.0\nApache Storm 2.1.x users should upgrade to version 2.1.1\nApache Storm 1.x users should upgrade to version 1.2.4"
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2021-38294",
"datePublished": "2021-10-25T12:22:36",
"dateReserved": "2021-08-09T00:00:00",
"dateUpdated": "2024-08-04T01:37:16.384Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1331 (GCVE-0-2018-1331)
Vulnerability from cvelistv5
Published
2018-07-10 17:00
Modified
2024-09-16 17:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Remote Code Execution
Summary
In Apache Storm 0.10.0 through 0.10.2, 1.0.0 through 1.0.6, 1.1.0 through 1.1.2, and 1.2.0 through 1.2.1, an attacker with access to a secure storm cluster in some cases could execute arbitrary code as a different user.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Storm |
Version: 0.10.0 through 0.10.2 Version: 1.0.0 through 1.0.6 Version: 1.1.0 through 1.1.2 Version: 1.2.0 through 1.2.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:59:38.595Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://storm.apache.org/2018/06/04/storm122-released.html"
},
{
"name": "[oss-security] 20180710 CVE-2018-1331: Apache Storm remote code execution vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2018/07/10/4"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://storm.apache.org/2018/06/04/storm113-released.html"
},
{
"name": "104732",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104732"
},
{
"name": "1041273",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041273"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Storm",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "0.10.0 through 0.10.2"
},
{
"status": "affected",
"version": "1.0.0 through 1.0.6"
},
{
"status": "affected",
"version": "1.1.0 through 1.1.2"
},
{
"status": "affected",
"version": "1.2.0 through 1.2.1"
}
]
}
],
"datePublic": "2018-07-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Apache Storm 0.10.0 through 0.10.2, 1.0.0 through 1.0.6, 1.1.0 through 1.1.2, and 1.2.0 through 1.2.1, an attacker with access to a secure storm cluster in some cases could execute arbitrary code as a different user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-14T09:57:01",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://storm.apache.org/2018/06/04/storm122-released.html"
},
{
"name": "[oss-security] 20180710 CVE-2018-1331: Apache Storm remote code execution vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2018/07/10/4"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://storm.apache.org/2018/06/04/storm113-released.html"
},
{
"name": "104732",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104732"
},
{
"name": "1041273",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041273"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"DATE_PUBLIC": "2018-07-10T00:00:00",
"ID": "CVE-2018-1331",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Storm",
"version": {
"version_data": [
{
"version_value": "0.10.0 through 0.10.2"
},
{
"version_value": "1.0.0 through 1.0.6"
},
{
"version_value": "1.1.0 through 1.1.2"
},
{
"version_value": "1.2.0 through 1.2.1"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Apache Storm 0.10.0 through 0.10.2, 1.0.0 through 1.0.6, 1.1.0 through 1.1.2, and 1.2.0 through 1.2.1, an attacker with access to a secure storm cluster in some cases could execute arbitrary code as a different user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://storm.apache.org/2018/06/04/storm122-released.html",
"refsource": "CONFIRM",
"url": "http://storm.apache.org/2018/06/04/storm122-released.html"
},
{
"name": "[oss-security] 20180710 CVE-2018-1331: Apache Storm remote code execution vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2018/07/10/4"
},
{
"name": "http://storm.apache.org/2018/06/04/storm113-released.html",
"refsource": "CONFIRM",
"url": "http://storm.apache.org/2018/06/04/storm113-released.html"
},
{
"name": "104732",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104732"
},
{
"name": "1041273",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041273"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2018-1331",
"datePublished": "2018-07-10T17:00:00Z",
"dateReserved": "2017-12-07T00:00:00",
"dateUpdated": "2024-09-16T17:48:08.492Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9799 (GCVE-0-2017-9799)
Vulnerability from cvelistv5
Published
2017-08-09 21:00
Modified
2024-09-17 02:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- code execution as a different user.
Summary
It was found that under some situations and configurations of Apache Storm 1.x before 1.0.4 and 1.1.x before 1.1.1, it is theoretically possible for the owner of a topology to trick the supervisor to launch a worker as a different, non-root, user. In the worst case this could lead to secure credentials of the other user being compromised.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Storm |
Version: 1.0.0 through 1.0.3 Version: 1.1.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:18:01.907Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[dev] 20170809 [CVE-2017-9799] Apache Storm Possible Code Execution As A Different User",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/b9125bf507ed6f2ca6e85ba1a4b44e232aa70eeddfba2a9d8a954127%40%3Cdev.storm.apache.org%3E"
},
{
"name": "100235",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100235"
},
{
"name": "1039116",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039116"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Storm",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "1.0.0 through 1.0.3"
},
{
"status": "affected",
"version": "1.1.0"
}
]
}
],
"datePublic": "2017-08-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "It was found that under some situations and configurations of Apache Storm 1.x before 1.0.4 and 1.1.x before 1.1.1, it is theoretically possible for the owner of a topology to trick the supervisor to launch a worker as a different, non-root, user. In the worst case this could lead to secure credentials of the other user being compromised."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "code execution as a different user.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-10T09:57:01",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"name": "[dev] 20170809 [CVE-2017-9799] Apache Storm Possible Code Execution As A Different User",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/b9125bf507ed6f2ca6e85ba1a4b44e232aa70eeddfba2a9d8a954127%40%3Cdev.storm.apache.org%3E"
},
{
"name": "100235",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100235"
},
{
"name": "1039116",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039116"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"DATE_PUBLIC": "2017-08-09T00:00:00",
"ID": "CVE-2017-9799",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Storm",
"version": {
"version_data": [
{
"version_value": "1.0.0 through 1.0.3"
},
{
"version_value": "1.1.0"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "It was found that under some situations and configurations of Apache Storm 1.x before 1.0.4 and 1.1.x before 1.1.1, it is theoretically possible for the owner of a topology to trick the supervisor to launch a worker as a different, non-root, user. In the worst case this could lead to secure credentials of the other user being compromised."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "code execution as a different user."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[dev] 20170809 [CVE-2017-9799] Apache Storm Possible Code Execution As A Different User",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/b9125bf507ed6f2ca6e85ba1a4b44e232aa70eeddfba2a9d8a954127@%3Cdev.storm.apache.org%3E"
},
{
"name": "100235",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100235"
},
{
"name": "1039116",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039116"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2017-9799",
"datePublished": "2017-08-09T21:00:00Z",
"dateReserved": "2017-06-21T00:00:00",
"dateUpdated": "2024-09-17T02:06:16.001Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1332 (GCVE-0-2018-1332)
Vulnerability from cvelistv5
Published
2018-06-05 19:00
Modified
2024-09-16 16:23
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- User Impersonation
Summary
Apache Storm version 1.0.6 and earlier, 1.2.1 and earlier, and version 1.1.2 and earlier expose a vulnerability that could allow a user to impersonate another user when communicating with some Storm Daemons.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Storm |
Version: Apache Storm 1.0.6 and earlier, 1.2.1 and earlier, and version 1.1.2 and earlier |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:59:38.537Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/50f1d6a7af27f49d2e498a9ab2975685302cd8ca47000b7c38f339a4%40%3Cdev.storm.apache.org%3E"
},
{
"name": "104399",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104399"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Storm",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "Apache Storm 1.0.6 and earlier, 1.2.1 and earlier, and version 1.1.2 and earlier"
}
]
}
],
"datePublic": "2018-06-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Apache Storm version 1.0.6 and earlier, 1.2.1 and earlier, and version 1.1.2 and earlier expose a vulnerability that could allow a user to impersonate another user when communicating with some Storm Daemons."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "User Impersonation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-07T09:57:01",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://lists.apache.org/thread.html/50f1d6a7af27f49d2e498a9ab2975685302cd8ca47000b7c38f339a4%40%3Cdev.storm.apache.org%3E"
},
{
"name": "104399",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104399"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"DATE_PUBLIC": "2018-06-05T00:00:00",
"ID": "CVE-2018-1332",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Storm",
"version": {
"version_data": [
{
"version_value": "Apache Storm 1.0.6 and earlier, 1.2.1 and earlier, and version 1.1.2 and earlier"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache Storm version 1.0.6 and earlier, 1.2.1 and earlier, and version 1.1.2 and earlier expose a vulnerability that could allow a user to impersonate another user when communicating with some Storm Daemons."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "User Impersonation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.apache.org/thread.html/50f1d6a7af27f49d2e498a9ab2975685302cd8ca47000b7c38f339a4@%3Cdev.storm.apache.org%3E",
"refsource": "CONFIRM",
"url": "https://lists.apache.org/thread.html/50f1d6a7af27f49d2e498a9ab2975685302cd8ca47000b7c38f339a4@%3Cdev.storm.apache.org%3E"
},
{
"name": "104399",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104399"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2018-1332",
"datePublished": "2018-06-05T19:00:00Z",
"dateReserved": "2017-12-07T00:00:00",
"dateUpdated": "2024-09-16T16:23:01.430Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-40865 (GCVE-0-2021-40865)
Vulnerability from cvelistv5
Published
2021-10-25 12:22
Modified
2024-08-04 02:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-502 - Deserialization of Untrusted Data
Summary
An Unsafe Deserialization vulnerability exists in the worker services of the Apache Storm supervisor server allowing pre-auth Remote Code Execution (RCE). Apache Storm 2.2.x users should upgrade to version 2.2.1 or 2.3.0. Apache Storm 2.1.x users should upgrade to version 2.1.1. Apache Storm 1.x users should upgrade to version 1.2.4
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Storm |
Version: v1.0.0 < Apache Storm * Version: Apache Storm < v1.2.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:51:07.676Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r8d45e74299897b6734dd0f788c46a631009ce2eeb731523386f7a253%40%3Cuser.storm.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://seclists.org/oss-sec/2021/q4/45"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Storm",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "Apache Storm *",
"status": "affected",
"version": "v1.0.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "v2.1.1",
"status": "unaffected"
},
{
"at": "v2.2.1",
"status": "unaffected"
},
{
"at": "v2.3.0",
"status": "unaffected"
}
],
"lessThan": "v1.2.4",
"status": "affected",
"version": "Apache Storm",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Apache Storm would like to thank @pwntester Alvaro Mu\u00f1oz of the GitHub Security Lab team for reporting this issue."
}
],
"descriptions": [
{
"lang": "en",
"value": "An Unsafe Deserialization vulnerability exists in the worker services of the Apache Storm supervisor server allowing pre-auth Remote Code Execution (RCE). Apache Storm 2.2.x users should upgrade to version 2.2.1 or 2.3.0. Apache Storm 2.1.x users should upgrade to version 2.1.1. Apache Storm 1.x users should upgrade to version 1.2.4"
}
],
"metrics": [
{
"other": {
"content": {
"other": "high"
},
"type": "unknown"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-25T12:22:37",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/r8d45e74299897b6734dd0f788c46a631009ce2eeb731523386f7a253%40%3Cuser.storm.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://seclists.org/oss-sec/2021/q4/45"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unsafe Pre-Authentication Deserialization In Workers",
"workarounds": [
{
"lang": "en",
"value": "Apache Storm 2.2.x users should upgrade to version 2.2.1 or 2.3.0\nApache Storm 2.1.x users should upgrade to version 2.1.1\nApache Storm 1.x users should upgrade to version 1.2.4"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2021-40865",
"STATE": "PUBLIC",
"TITLE": "Unsafe Pre-Authentication Deserialization In Workers"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Storm",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_name": "Apache Storm ",
"version_value": "v1.0.0"
},
{
"version_affected": "\u003c",
"version_name": "Apache Storm",
"version_value": "v1.2.4"
},
{
"version_affected": "\u003c",
"version_name": "Apache Storm",
"version_value": "v2.1.1"
},
{
"version_affected": "\u003c",
"version_name": "Apache Storm",
"version_value": "v2.2.1"
},
{
"version_affected": "\u003c",
"version_name": "Apache Storm",
"version_value": "v2.3.0"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Apache Storm would like to thank @pwntester Alvaro Mu\u00f1oz of the GitHub Security Lab team for reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Unsafe Deserialization vulnerability exists in the worker services of the Apache Storm supervisor server allowing pre-auth Remote Code Execution (RCE). Apache Storm 2.2.x users should upgrade to version 2.2.1 or 2.3.0. Apache Storm 2.1.x users should upgrade to version 2.1.1. Apache Storm 1.x users should upgrade to version 1.2.4"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": [
{
"other": "high"
}
],
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502 Deserialization of Untrusted Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.apache.org/thread.html/r8d45e74299897b6734dd0f788c46a631009ce2eeb731523386f7a253%40%3Cuser.storm.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/r8d45e74299897b6734dd0f788c46a631009ce2eeb731523386f7a253%40%3Cuser.storm.apache.org%3E"
},
{
"name": "https://seclists.org/oss-sec/2021/q4/45",
"refsource": "MISC",
"url": "https://seclists.org/oss-sec/2021/q4/45"
}
]
},
"source": {
"discovery": "UNKNOWN"
},
"work_around": [
{
"lang": "en",
"value": "Apache Storm 2.2.x users should upgrade to version 2.2.1 or 2.3.0\nApache Storm 2.1.x users should upgrade to version 2.1.1\nApache Storm 1.x users should upgrade to version 1.2.4"
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2021-40865",
"datePublished": "2021-10-25T12:22:37",
"dateReserved": "2021-09-12T00:00:00",
"dateUpdated": "2024-08-04T02:51:07.676Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2019-07-26 00:15
Modified
2024-11-21 04:16
Severity ?
Summary
The Apache Storm Logviewer daemon exposes HTTP-accessible endpoints to read/search log files on hosts running Storm. In Apache Storm versions 0.9.1-incubating to 1.2.2, it is possible to read files off the host's file system that were not intended to be accessible via these endpoints.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:storm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F42204EB-4F77-45CE-82AA-55167E07F25B",
"versionEndIncluding": "1.2.2",
"versionStartIncluding": "0.9.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:storm:0.9.1:incubating:*:*:*:*:*:*",
"matchCriteriaId": "2FA6B847-56A1-4875-B831-00D927691FDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:storm:0.9.2:incubating:*:*:*:*:*:*",
"matchCriteriaId": "9EA5AA13-CA46-4AB0-919C-929201F2857B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Apache Storm Logviewer daemon exposes HTTP-accessible endpoints to read/search log files on hosts running Storm. In Apache Storm versions 0.9.1-incubating to 1.2.2, it is possible to read files off the host\u0027s file system that were not intended to be accessible via these endpoints."
},
{
"lang": "es",
"value": "El demonio de Apache Storm Logviewer expone los endpoints accesibles de HTTP para leer y buscar archivos de registro en hosts que ejecutan Storm. En las versiones 0.9.1-incubating hasta 1.2.2 de Apache Storm, es posible leer archivos del sistema de archivos del host que no estaban destinados a ser accesibles por medio de estos endpoints."
}
],
"id": "CVE-2019-0202",
"lastModified": "2024-11-21T04:16:28.710",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-07-26T00:15:11.027",
"references": [
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/220f1a77ff20749326a4c130446c5521db854da0afe81d1974b8109f%40%3Cuser.storm.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/220f1a77ff20749326a4c130446c5521db854da0afe81d1974b8109f%40%3Cuser.storm.apache.org%3E"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "security@apache.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-10-30 16:29
Modified
2025-04-20 01:37
Severity ?
Summary
Directory traversal vulnerability in the log viewer in Apache Storm 0.9.0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to log.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:storm:0.9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2A5EC92E-2434-4CFA-8998-099B99E57A30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the log viewer in Apache Storm 0.9.0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to log."
},
{
"lang": "es",
"value": "Una vulnerabilidad de salto de directorio en el visor de registros en Apache Storm 0.9.0.1 permite que atacantes remotos lean archivos arbitrarios mediante un .. (punto punto) en el par\u00e1metro file en log."
}
],
"id": "CVE-2014-0115",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-30T16:29:00.317",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://issues.apache.org/jira/browse/STORM-269"
},
{
"source": "secalert@redhat.com",
"url": "https://mail-archives.apache.org/mod_mbox/storm-dev/201404.mbox/%3CJIRA.12704141.1395964296891.201561.1398799995645%40arcas%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://issues.apache.org/jira/browse/STORM-269"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://mail-archives.apache.org/mod_mbox/storm-dev/201404.mbox/%3CJIRA.12704141.1395964296891.201561.1398799995645%40arcas%3E"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-06-05 19:29
Modified
2024-11-21 04:13
Severity ?
Summary
Apache Storm version 1.0.6 and earlier, 1.2.1 and earlier, and version 1.1.2 and earlier expose an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, 7z), that holds path traversal filenames. So when the filename gets concatenated to the target extraction directory, the final path ends up outside of the target folder.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:storm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "265E8751-BB87-4F1F-8271-D35DB199C986",
"versionEndIncluding": "1.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:storm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "540EA459-08DF-43BF-B9BD-866B00B977FA",
"versionEndIncluding": "1.1.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:storm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF46C169-8C83-4DA2-AFDC-B41D5B5F5139",
"versionEndIncluding": "1.2.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Apache Storm version 1.0.6 and earlier, 1.2.1 and earlier, and version 1.1.2 and earlier expose an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, 7z), that holds path traversal filenames. So when the filename gets concatenated to the target extraction directory, the final path ends up outside of the target folder."
},
{
"lang": "es",
"value": "Apache Storm en versiones 1.0.6 y anteriores, 1.2.1 y anteriores y versiones 1.1.2 y anteriores expone una vulnerabilidad de escritura de archivos arbitrarios, que puede lograrse empleando un archivo zip especialmente m anipulado (afecta tambi\u00e9n a otros archivos, como bzip2, tar, xz, war, cpio o 7z) que contiene nombres de archivo de salto de directorio. Por lo tanto, cuando el nombre de archivo se concatena al directorio de extracci\u00f3n objetivo, la ruta final acaba fuera de la carpeta objetivo."
}
],
"id": "CVE-2018-8008",
"lastModified": "2024-11-21T04:13:04.900",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-06-05T19:29:00.277",
"references": [
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104418"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/613b2fca8bcd0a3b12c0b763ea8f7cf62e422e9f79fce6cfa5b08a58%40%3Cdev.storm.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104418"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/613b2fca8bcd0a3b12c0b763ea8f7cf62e422e9f79fce6cfa5b08a58%40%3Cdev.storm.apache.org%3E"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-10-25 13:15
Modified
2024-11-21 06:16
Severity ?
Summary
A Command Injection vulnerability exists in the getTopologyHistory service of the Apache Storm 2.x prior to 2.2.1 and Apache Storm 1.x prior to 1.2.4. A specially crafted thrift request to the Nimbus server allows Remote Code Execution (RCE) prior to authentication.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@apache.org | http://packetstormsecurity.com/files/165019/Apache-Storm-Nimbus-2.2.0-Command-Execution.html | Exploit, Third Party Advisory, VDB Entry | |
| security@apache.org | https://lists.apache.org/thread.html/r5fe881f6ca883908b7a0f005d35115af49f43beea7a8b0915e377859%40%3Cuser.storm.apache.org%3E | Mailing List, Vendor Advisory | |
| security@apache.org | https://seclists.org/oss-sec/2021/q4/44 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/165019/Apache-Storm-Nimbus-2.2.0-Command-Execution.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r5fe881f6ca883908b7a0f005d35115af49f43beea7a8b0915e377859%40%3Cuser.storm.apache.org%3E | Mailing List, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/oss-sec/2021/q4/44 | Mailing List, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:storm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BE613C03-8B01-4BDF-8386-81D463DB24BD",
"versionEndExcluding": "1.2.4",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:storm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "19A86308-A958-4EC5-BFFF-87DDE964A6DA",
"versionEndExcluding": "2.1.1",
"versionStartIncluding": "2.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:storm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FBDC8657-39A9-4392-93D6-440F5EDAA4F0",
"versionEndExcluding": "2.2.1",
"versionStartIncluding": "2.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Command Injection vulnerability exists in the getTopologyHistory service of the Apache Storm 2.x prior to 2.2.1 and Apache Storm 1.x prior to 1.2.4. A specially crafted thrift request to the Nimbus server allows Remote Code Execution (RCE) prior to authentication."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de inyecci\u00f3n de comandos en el servicio getTopologyHistory de Apache Storm versiones 2.x anteriores a 2.2.1 y Apache Storm versiones 1.x anteriores a 1.2.4. Una petici\u00f3n especialmente dise\u00f1ada al servidor Nimbus permite una ejecuci\u00f3n de c\u00f3digo remota (RCE) antes de la autenticaci\u00f3n"
}
],
"id": "CVE-2021-38294",
"lastModified": "2024-11-21T06:16:44.133",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-25T13:15:07.957",
"references": [
{
"source": "security@apache.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/165019/Apache-Storm-Nimbus-2.2.0-Command-Execution.html"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r5fe881f6ca883908b7a0f005d35115af49f43beea7a8b0915e377859%40%3Cuser.storm.apache.org%3E"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/oss-sec/2021/q4/44"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/165019/Apache-Storm-Nimbus-2.2.0-Command-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r5fe881f6ca883908b7a0f005d35115af49f43beea7a8b0915e377859%40%3Cuser.storm.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/oss-sec/2021/q4/44"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-74"
}
],
"source": "security@apache.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-11-23 10:15
Modified
2025-02-13 17:17
Severity ?
Summary
On unix-like systems, the temporary directory is shared between all user. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure. Of note, this does not impact modern MacOS Operating Systems.
The method File.createTempFile on unix-like systems creates a file with predefined name (so easily identifiable) and by default will create this file with the permissions -rw-r--r--. Thus, if sensitive information is written to this file, other local users can read this information.
File.createTempFile(String, String) will create a temporary file in the system temporary directory if the 'java.io.tmpdir' system property is not explicitly set.
This affects the class https://github.com/apache/storm/blob/master/storm-core/src/jvm/org/apache/storm/utils/TopologySpoutLag.java#L99 and was introduced by https://issues.apache.org/jira/browse/STORM-3123
In practice, this has a very limited impact as this class is used only if ui.disable.spout.lag.monitoring
is set to false, but its value is true by default.
Moreover, the temporary file gets deleted soon after its creation.
The solution is to use Files.createTempFile https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/nio/file/Files.html#createTempFile(java.lang.String,java.lang.String,java.nio.file.attribute.FileAttribute...) instead.
We recommend that all users upgrade to the latest version of Apache Storm.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@apache.org | http://www.openwall.com/lists/oss-security/2023/11/23/1 | Mailing List, Third Party Advisory | |
| security@apache.org | https://lists.apache.org/thread/88oc1vqfjtr29cz5xts0v2wm5pmhbm0l | Mailing List, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2023/11/23/1 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread/88oc1vqfjtr29cz5xts0v2wm5pmhbm0l | Mailing List, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:storm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "570C1752-7F27-4FE5-BE4C-51AE744F493B",
"versionEndExcluding": "2.6.0",
"versionStartIncluding": "2.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "On unix-like systems, the temporary directory is shared between all user. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure. Of note, this does not impact modern MacOS Operating Systems.\n\nThe method File.createTempFile on unix-like systems creates a file with predefined name (so easily identifiable) and by default will create this file with the permissions -rw-r--r--. Thus, if sensitive information is written to this file, other local users can read this information.\n\nFile.createTempFile(String, String) will create a temporary file in the system temporary directory if the \u0027java.io.tmpdir\u0027 system property is not explicitly set. \n\nThis affects the class\u00a0 https://github.com/apache/storm/blob/master/storm-core/src/jvm/org/apache/storm/utils/TopologySpoutLag.java#L99 \u00a0and was introduced by\u00a0 https://issues.apache.org/jira/browse/STORM-3123 \n\nIn practice, this has a very limited impact as this class is used only if\u00a0ui.disable.spout.lag.monitoring\n\n is set to false, but its value is true by default.\nMoreover, the temporary file gets deleted soon after its creation.\n\nThe solution is to use\u00a0 Files.createTempFile https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/nio/file/Files.html#createTempFile(java.lang.String,java.lang.String,java.nio.file.attribute.FileAttribute...) \u00a0instead.\n\nWe recommend that all users upgrade to the latest version of Apache Storm."
},
{
"lang": "es",
"value": "En sistemas tipo Unix, el directorio temporal se comparte entre todos los usuarios. Como tal, escribir en este directorio utilizando API que no establecen expl\u00edcitamente los permisos de archivo/directorio puede dar lugar a la divulgaci\u00f3n de informaci\u00f3n. Es de destacar que esto no afecta a los sistemas operativos MacOS modernos. El m\u00e9todo File.createTempFile en sistemas tipo Unix crea un archivo con un nombre predefinido (f\u00e1cilmente identificable) y, de forma predeterminada, crear\u00e1 este archivo con los permisos -rw-r--r--. Por lo tanto, si se escribe informaci\u00f3n confidencial en este archivo, otros usuarios locales pueden leer esta informaci\u00f3n. File.createTempFile(String, String) crear\u00e1 un archivo temporal en el directorio temporal del sistema si la propiedad del sistema \u0027java.io.tmpdir\u0027 no est\u00e1 configurada expl\u00edcitamente. Esto afecta a la clase https://github.com/apache/storm/blob/master/storm-core/src/jvm/org/apache/storm/utils/TopologySpoutLag.java#L99 y fue introducido por https://issues.apache.org/jira/browse/STORM-3123 En la pr\u00e1ctica, esto tiene un impacto muy limitado ya que esta clase se usa solo si ui.disable.spout.lag.monitoring est\u00e1 configurado en falso, pero su valor es verdadero de forma predeterminada. Adem\u00e1s, el archivo temporal se elimina poco despu\u00e9s de su creaci\u00f3n. La soluci\u00f3n es utilizar Files.createTempFile https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/nio/file/Files.html#createTempFile(java.lang.String,java.lang.String,java.nio.file.attribute.FileAttribute...) en su lugar. Recomendamos que todos los usuarios actualicen a la \u00faltima versi\u00f3n de Apache Storm."
}
],
"id": "CVE-2023-43123",
"lastModified": "2025-02-13T17:17:12.897",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-23T10:15:07.727",
"references": [
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2023/11/23/1"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread/88oc1vqfjtr29cz5xts0v2wm5pmhbm0l"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2023/11/23/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread/88oc1vqfjtr29cz5xts0v2wm5pmhbm0l"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "security@apache.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-01-13 15:59
Modified
2025-04-20 01:37
Severity ?
Summary
The UI daemon in Apache Storm 0.10.0 before 0.10.0-beta1 allows remote attackers to execute arbitrary code via unspecified vectors.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://packetstormsecurity.com/files/132417/Apache-Storm-0.10.0-beta-Code-Execution.html | Third Party Advisory, VDB Entry | |
| secalert@redhat.com | http://www.securityfocus.com/archive/1/535804/100/0/threaded | ||
| secalert@redhat.com | http://www.securitytracker.com/id/1032695 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/132417/Apache-Storm-0.10.0-beta-Code-Execution.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/535804/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1032695 | Third Party Advisory, VDB Entry |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:storm:0.10.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "A722448D-AA0E-4178-9730-AA11684EEA96",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The UI daemon in Apache Storm 0.10.0 before 0.10.0-beta1 allows remote attackers to execute arbitrary code via unspecified vectors."
},
{
"lang": "es",
"value": "El demonio IU en Apache Storm 0.10.0 en versiones anteriores a 0.10.0-beta1 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores no especificados.."
}
],
"id": "CVE-2015-3188",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-01-13T15:59:00.153",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/132417/Apache-Storm-0.10.0-beta-Code-Execution.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/archive/1/535804/100/0/threaded"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032695"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/132417/Apache-Storm-0.10.0-beta-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/535804/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032695"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-08-09 21:29
Modified
2025-04-20 01:37
Severity ?
Summary
It was found that under some situations and configurations of Apache Storm 1.x before 1.0.4 and 1.1.x before 1.1.1, it is theoretically possible for the owner of a topology to trick the supervisor to launch a worker as a different, non-root, user. In the worst case this could lead to secure credentials of the other user being compromised.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:storm:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ECB2448C-5AE6-4EB1-A55F-32F615720C78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:storm:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8266020D-09C4-4C21-A8F6-FE303D9E2B26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:storm:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8ED31B67-186C-4711-B8C9-D3E8FB9A6142",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:storm:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D3B52BFD-75D3-4504-9A11-749964F053E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:storm:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "13FD2CFF-2B4C-445A-80FE-ACAFFE4A70AB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "It was found that under some situations and configurations of Apache Storm 1.x before 1.0.4 and 1.1.x before 1.1.1, it is theoretically possible for the owner of a topology to trick the supervisor to launch a worker as a different, non-root, user. In the worst case this could lead to secure credentials of the other user being compromised."
},
{
"lang": "es",
"value": "**RECHAZADA** NO UTILICE ESTE N\u00daMERO DE CANDIDATO. ConsultIDs: none. Motivo: Este candidato ha sido retirado por su CNA. Estudios en mayor profundidad han determinado que no exist\u00eda un problema de seguridad."
}
],
"id": "CVE-2017-9799",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-08-09T21:29:01.633",
"references": [
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100235"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039116"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/b9125bf507ed6f2ca6e85ba1a4b44e232aa70eeddfba2a9d8a954127%40%3Cdev.storm.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100235"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039116"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/b9125bf507ed6f2ca6e85ba1a4b44e232aa70eeddfba2a9d8a954127%40%3Cdev.storm.apache.org%3E"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-10-25 13:15
Modified
2024-11-21 06:24
Severity ?
Summary
An Unsafe Deserialization vulnerability exists in the worker services of the Apache Storm supervisor server allowing pre-auth Remote Code Execution (RCE). Apache Storm 2.2.x users should upgrade to version 2.2.1 or 2.3.0. Apache Storm 2.1.x users should upgrade to version 2.1.1. Apache Storm 1.x users should upgrade to version 1.2.4
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@apache.org | https://lists.apache.org/thread.html/r8d45e74299897b6734dd0f788c46a631009ce2eeb731523386f7a253%40%3Cuser.storm.apache.org%3E | Mailing List, Vendor Advisory | |
| security@apache.org | https://seclists.org/oss-sec/2021/q4/45 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r8d45e74299897b6734dd0f788c46a631009ce2eeb731523386f7a253%40%3Cuser.storm.apache.org%3E | Mailing List, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/oss-sec/2021/q4/45 | Mailing List, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:storm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BE613C03-8B01-4BDF-8386-81D463DB24BD",
"versionEndExcluding": "1.2.4",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:storm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "19A86308-A958-4EC5-BFFF-87DDE964A6DA",
"versionEndExcluding": "2.1.1",
"versionStartIncluding": "2.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:storm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FBDC8657-39A9-4392-93D6-440F5EDAA4F0",
"versionEndExcluding": "2.2.1",
"versionStartIncluding": "2.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Unsafe Deserialization vulnerability exists in the worker services of the Apache Storm supervisor server allowing pre-auth Remote Code Execution (RCE). Apache Storm 2.2.x users should upgrade to version 2.2.1 or 2.3.0. Apache Storm 2.1.x users should upgrade to version 2.1.1. Apache Storm 1.x users should upgrade to version 1.2.4"
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de deserializaci\u00f3n no segura en los servicios de trabajadores del servidor supervisor Apache Storm que permite una ejecuci\u00f3n de c\u00f3digo remota (RCE) antes de la autenticaci\u00f3n. Los usuarios de Apache Storm versiones 2.2.x deben actualizar a la versi\u00f3n 2.2.1 o 2.3.0. Los usuarios de Apache Storm 2.1.x deben actualizar a la versi\u00f3n 2.1.1. Los usuarios de Apache Storm 1.x deben actualizar a la versi\u00f3n 1.2.4"
}
],
"id": "CVE-2021-40865",
"lastModified": "2024-11-21T06:24:58.080",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-25T13:15:08.140",
"references": [
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r8d45e74299897b6734dd0f788c46a631009ce2eeb731523386f7a253%40%3Cuser.storm.apache.org%3E"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/oss-sec/2021/q4/45"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r8d45e74299897b6734dd0f788c46a631009ce2eeb731523386f7a253%40%3Cuser.storm.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/oss-sec/2021/q4/45"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "security@apache.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-06-05 19:29
Modified
2024-11-21 03:59
Severity ?
Summary
Apache Storm version 1.0.6 and earlier, 1.2.1 and earlier, and version 1.1.2 and earlier expose a vulnerability that could allow a user to impersonate another user when communicating with some Storm Daemons.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:storm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "265E8751-BB87-4F1F-8271-D35DB199C986",
"versionEndIncluding": "1.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:storm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "540EA459-08DF-43BF-B9BD-866B00B977FA",
"versionEndIncluding": "1.1.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:storm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF46C169-8C83-4DA2-AFDC-B41D5B5F5139",
"versionEndIncluding": "1.2.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Apache Storm version 1.0.6 and earlier, 1.2.1 and earlier, and version 1.1.2 and earlier expose a vulnerability that could allow a user to impersonate another user when communicating with some Storm Daemons."
},
{
"lang": "es",
"value": "Apache Storm en versiones 1.0.6 y anteriores, 1.2.1 y anteriores y versiones 1.1.2 y anteriores expone una vulnerabilidad que podr\u00eda permitir que un usuario suplante a otro al comunicarse con algunos demonios Storm."
}
],
"id": "CVE-2018-1332",
"lastModified": "2024-11-21T03:59:38.493",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-06-05T19:29:00.217",
"references": [
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104399"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/50f1d6a7af27f49d2e498a9ab2975685302cd8ca47000b7c38f339a4%40%3Cdev.storm.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104399"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/50f1d6a7af27f49d2e498a9ab2975685302cd8ca47000b7c38f339a4%40%3Cdev.storm.apache.org%3E"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-07-26 00:15
Modified
2024-11-21 03:44
Severity ?
Summary
In Apache Storm versions 1.1.0 to 1.2.2, when the user is using the storm-kafka-client or storm-kafka modules, it is possible to cause the Storm UI daemon to deserialize user provided bytes into a Java class.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:storm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "49F2FF98-7F58-42D1-9164-8E830136B7C3",
"versionEndIncluding": "1.2.2",
"versionStartIncluding": "1.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Apache Storm versions 1.1.0 to 1.2.2, when the user is using the storm-kafka-client or storm-kafka modules, it is possible to cause the Storm UI daemon to deserialize user provided bytes into a Java class."
},
{
"lang": "es",
"value": "En Apache Storm versiones 1.1.0 hasta 1.2.2, cuando el usuario est\u00e1 usando los m\u00f3dulos storm-kafka-client o storm-kafka, es posible causar que el demonio de la UI de Storm deserialice los bytes proporcionados por el usuario hacia una clase de Java."
}
],
"id": "CVE-2018-11779",
"lastModified": "2024-11-21T03:44:01.203",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-07-26T00:15:10.840",
"references": [
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/3e4f704c4bd9296405a07a0290b8cbb6cbf5046e277efe6d93280a98%40%3Cuser.storm.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/3e4f704c4bd9296405a07a0290b8cbb6cbf5046e277efe6d93280a98%40%3Cuser.storm.apache.org%3E"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "security@apache.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-07-10 17:29
Modified
2024-11-21 03:59
Severity ?
Summary
In Apache Storm 0.10.0 through 0.10.2, 1.0.0 through 1.0.6, 1.1.0 through 1.1.2, and 1.2.0 through 1.2.1, an attacker with access to a secure storm cluster in some cases could execute arbitrary code as a different user.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:storm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B7F8BA44-B019-4442-A7F6-4D12CF969834",
"versionEndIncluding": "0.10.2",
"versionStartExcluding": "0.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:storm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E88B9F91-56CE-4E9F-9E57-4DA8923E71FA",
"versionEndIncluding": "1.0.6",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:storm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DDDD2A30-652F-44AB-99EA-687637CCDD15",
"versionEndIncluding": "1.1.2",
"versionStartExcluding": "1.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:storm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "04DEC8DB-80F1-4ED9-A7A3-FB561F8E7942",
"versionEndIncluding": "1.2.1",
"versionStartIncluding": "1.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Apache Storm 0.10.0 through 0.10.2, 1.0.0 through 1.0.6, 1.1.0 through 1.1.2, and 1.2.0 through 1.2.1, an attacker with access to a secure storm cluster in some cases could execute arbitrary code as a different user."
},
{
"lang": "es",
"value": "En Apache Storm, de la versi\u00f3n 0.10.0 hasta la 0.10.2, de la versi\u00f3n 1.0.0 hasta la 1.0.6, de la versi\u00f3n 1.1.0 hasta la 1.1.2 y de la versi\u00f3n 1.2.0 hasta la 1.2.1, un atacante con acceso a un cl\u00faster storm seguro podr\u00eda, en algunos casos, ejecutar c\u00f3digo arbitrario como otro usuario."
}
],
"id": "CVE-2018-1331",
"lastModified": "2024-11-21T03:59:38.380",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-07-10T17:29:00.213",
"references": [
{
"source": "security@apache.org",
"tags": [
"Vendor Advisory"
],
"url": "http://storm.apache.org/2018/06/04/storm113-released.html"
},
{
"source": "security@apache.org",
"tags": [
"Vendor Advisory"
],
"url": "http://storm.apache.org/2018/06/04/storm122-released.html"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2018/07/10/4"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104732"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041273"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://storm.apache.org/2018/06/04/storm113-released.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://storm.apache.org/2018/06/04/storm122-released.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2018/07/10/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104732"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041273"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}