← voltar
CVE-2017-9799

CVE-2017-9799

EPSS 4.9%
Vexday Risk Score
3Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS EPSS 4.9%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
09 ago 2017Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
It was found that under some situations and configurations of Apache Storm 1.x before 1.0.4 and 1.1.x before 1.1.1, it is theoretically possible for the owner of a topology to trick the supervisor to launch a worker as a different, non-root, user. In the worst case this could lead to secure credentials of the other user being compromised.
Produtos afetados
Apache Software Foundation · Apache Storm

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://lists.apache.org/thread.html/b9125bf507ed6f2ca6e85ba1a4b44e232aa70eeddfba2a9d8a954127%40%3Cdev.storm.apache.org%3Ehttp://www.securityfocus.com/bid/100235http://www.securitytracker.com/id/1039116