Storm Security Vulnerabilities and Issues — Storm CVE List

Lucene search

ApacheStorm

3 matches found

CVE•added 2017/08/09 9:29 p.m.•74 views

CVE-2017-9799

It was found that under some situations and configurations of Apache Storm 1.x before 1.0.4 and 1.1.x before 1.1.1, it is theoretically possible for the owner of a topology to trick the supervisor to launch a worker as a different, non-root, user. In the worst case this could lead to secure credent...

8.8CVSS8.5AI score0.00887EPSS

CVE•added 2017/01/13 3:59 p.m.•50 views

CVE-2015-3188

The UI daemon in Apache Storm 0.10.0 before 0.10.0-beta1 allows remote attackers to execute arbitrary code via unspecified vectors.

10CVSS9.7AI score0.1242EPSS

CVE•added 2017/10/30 4:29 p.m.•35 views

CVE-2014-0115

Directory traversal vulnerability in the log viewer in Apache Storm 0.9.0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to log.

7.8CVSS7.4AI score0.00664EPSS