nuclei-templates/vulnerabilities/other/yarn-resourcemanager-rce.yaml

27 lines
673 B
YAML
Raw Normal View History

id: yarn-resourcemanager-rce
info:
name: Apache Yarn ResourceManager RCE
2021-04-06 06:46:11 +00:00
author: pdteam
severity: low
2021-10-26 12:25:34 +00:00
description: A vulnerability in Apache Yarn ResourceManager allows remote unauthenticated users to cause the product to execute arbitrary code.
reference:
- https://neerajsabharwal.medium.com/hadoop-yarn-hack-9a72cc1328b6
tags: apache,rce
requests:
- method: POST
path:
- '{{BaseURL}}/ws/v1/cluster/apps/new-application'
2021-02-24 15:58:48 +00:00
matchers-condition: and
matchers:
- type: word
words:
2021-02-24 15:58:48 +00:00
- application-id
- maximum-resource-capability
condition: and
- type: status
status:
- 200