Lucene search
GoogleOSV:GHSA-CG5H-Q983-4RWWHistoryMay 14, 2022 - 2:48 a.m.
Apache Storm remote code execution vulnerability
2022-05-1402:48:54
Google
osv.dev
3
0.02 Low
EPSS
Percentile
88.8%
The UI daemon in Apache Storm 0.10.0-beta allows remote users to run arbitrary code as the user running the web server. With kerberos authentication this could allow impersonation of arbitrary users on other systems, including HDFS and HBase.
| CPE | Name | Operator | Version |
|---|---|---|---|
| org.apache.storm:storm | eq | 0.10.0-beta |
References
packetstormsecurity.com/files/132417/Apache-Storm-0.10.0-beta-Code-Execution.html
github.com/apache/storm/blob/v0.10.0-beta1/SECURITY.md
github.com/apache/storm/blob/v0.10.0-beta1/STORM-UI-REST-API.md
nvd.nist.gov/vuln/detail/CVE-2015-3188
web.archive.org/web/20151014213052/www.securitytracker.com/id/1032695
web.archive.org/web/20171202122914/www.securityfocus.com/archive/1/535804/100/0/threaded
Related
securityvulns
securityvulns
Apache Storm code execution
2015-07-05 00:00:00
[CVE-2015-3188] Apache Storm remote code execution vulnerability
2015-07-05 00:00:00
github
github
Apache Storm remote code execution vulnerability
2022-05-14 02:48:54
nvd
nvd
CVE-2015-3188
2017-01-13 15:59:00
cvelist
cvelist
CVE-2015-3188
2017-01-13 15:00:00
cve
cve
CVE-2015-3188
2017-01-13 15:59:00
prion
prion
Code injection
2017-01-13 15:59:00