EUVD-2019-0613

Malware in sbrugna...

GHSA-CG5H-Q983-4RWW Apache Storm remote code execution vulnerability

The UI daemon in Apache Storm 0.10.0-beta allows remote users to run arbitrary code as the user running the web server. With kerberos authentication this could allow impersonation of arbitrary users on other systems, including HDFS and HBase...

Apache Storm remote code execution vulnerability

The UI daemon in Apache Storm 0.10.0-beta allows remote users to run arbitrary code as the user running the web server. With kerberos authentication this could allow impersonation of arbitrary users on other systems, including HDFS and HBase...

CVE-2018-11779

In Apache Storm versions 1.1.0 to 1.2.2, when the user is using the storm-kafka-client or storm-kafka modules, it is possible to cause the Storm UI daemon to deserialize user provided bytes into a Java class...

Code injection

The UI daemon in Apache Storm 0.10.0 before 0.10.0-beta1 allows remote attackers to execute arbitrary code via unspecified vectors...

CVE-2015-3188

The UI daemon in Apache Storm 0.10.0 before 0.10.0-beta1 allows remote attackers to execute arbitrary code via unspecified vectors...

CVE-2015-3188

The UI daemon in Apache Storm 0.10.0 before 0.10.0-beta1 allows remote attackers to execute arbitrary code via unspecified vectors...

CVE-2015-3188

The CVE-2015-3188 issue affects Apache Storm UI daemon: Storm 0.10.0-beta (before 0.10.0-beta1) allows remote attackers to execute arbitrary code via unspecified vectors. The root cause is the UI daemon handling requests in a way that permits code execution when exposed to unauthenticated/remote ...

[CVE-2015-3188] Apache Storm remote code execution vulnerability

CVE-2015-3188: Apache Storm remote code execution vulnerability Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Storm 0.10.0-beta Description: The UI daemon in Apache Storm 0.10.0-beta allows remote users to run arbitrary code as the user running the web serve...