daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Enhancement: misconfiguration/hadoop-unauth-rce.yaml by md

patch-1
MostInterestingBotInTheWorld 2023-03-22 14:20:11 -04:00
parent d8363ba5a0
commit 6dfb036acf
1 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
misconfiguration/hadoop-unauth-rce.yaml
View File

@ -1,11 +1,11 @@
id: hadoop-unauth-rce
info:
name: Apache Hadoop - Yarn ResourceManager Remote Code Execution
name: Apache Hadoop YARN ResourceManager - Remote Code Execution
author: pdteam,Couskito
severity: critical
description: |
An unauthenticated Hadoop Resource Manager was discovered, which allows remote code execution by design.
Apache Hadoop YARN ResourceManager is susceptible to remote code execution. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.
reference:
- http://archive.hack.lu/2016/Wavestone%20-%20Hack.lu%202016%20-%20Hadoop%20safari%20-%20Hunting%20for%20vulnerabilities%20-%20v1.0.pdf
- https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/hadoop_unauth_exec.rb
@ -30,4 +30,6 @@ requests:
- type: status
status:
- 200
- 200
# Enhanced by md on 2023/03/22