47 matches found
Apache Spark - Unauthenticated Command Execution Exploit
This Metasploit module exploits an unauthenticated command execution vulnerability in Apache Spark with standalone cluster mode through the REST API. It uses the function CreateSubmissionRequest to submit a malicious java class and triggers it. This module requires Metasploit:...
Apache Spark Authentication Control Vulnerability
Apache Spark is a large-scale data processing engine that supports acyclic data streams and in-memory computing from the Apache Software Foundation. A security vulnerability exists in Apache Spark versions 1.3.0 and later, which is caused by a standalone master or a Mesos master with cluster mode...
CVE-2018-11770
From version 1.3.0 onward, Apache Spark's standalone master exposes a REST API for job submission, in addition to the submission mechanism used by spark-submit. In standalone, the config property 'spark.authenticate.secret' establishes a shared secret for authenticating requests to submit jobs vi...
Junos OS Denial of Service Vulnerability in Multiple Juniper Networks Products
Juniper SRX1400 and others are firewall appliances from Juniper Networks, Inc.Junos OS is the operating system that runs on them. A security vulnerability exists in the high availability cluster configuration mode of Junos OS versions 12.3X48 and 15.1X49 in various Juniper Networks products. An...
iOS 11 MDM-enrolled Device Issues with XenMobile in Cluster Mode
MDM commands may try to deploy multiple times on an MDM-enrolled iOS 11 device and may fail to complete successfully. An admin attempting to push MDM policies to an iOS 11 device, deploy applications, or carry out security actions such as Lock or Wipe may not be able to successfully to do. The us...
Juniper SRX Series Appliance Junos OS Denial of Service Vulnerability
Juniper SRX Series devices are an SRX Series gateway device from Juniper Networks, Inc.Junos OS is the operating system used in them. The operating system provides a secure programming interface and the Junos SDK. A security vulnerability exists in the cluster mode of Junos OS versions 12.1X46,...
CVE-2017-10604
CVE-2017-10604 affects Juniper SRX Series devices running Junos OS in cluster mode. The issue arises when account lockout is enabled: an unauthenticated user making failed root login attempts can trigger root lockout, which in turn causes cluster sync or failover errors. Affected releases are SRX...