CVE-2018-8008
- EPSS 15.35%
- Veröffentlicht 05.06.2018 19:29:00
- Zuletzt bearbeitet 21.11.2024 04:13:04
Apache Storm version 1.0.6 and earlier, 1.2.1 and earlier, and version 1.1.2 and earlier expose an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cp...
CVE-2014-0115
- EPSS 0.77%
- Veröffentlicht 30.10.2017 16:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
Directory traversal vulnerability in the log viewer in Apache Storm 0.9.0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to log.
CVE-2017-9799
- EPSS 0.89%
- Veröffentlicht 09.08.2017 21:29:01
- Zuletzt bearbeitet 13.05.2026 00:24:29
It was found that under some situations and configurations of Apache Storm 1.x before 1.0.4 and 1.1.x before 1.1.1, it is theoretically possible for the owner of a topology to trick the supervisor to launch a worker as a different, non-root, user. In...
- EPSS 12.42%
- Veröffentlicht 13.01.2017 15:59:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
The UI daemon in Apache Storm 0.10.0 before 0.10.0-beta1 allows remote attackers to execute arbitrary code via unspecified vectors.