fix: false positive on hadoop unauth template (#5627)

* fix: false positive on hadoop unauth template * lint fix * reference update Co-authored-by: Couskito <yassine.bengana_ext@michelin.com> Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io> Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2022-10-12 08:40:56 +02:00 · 2022-10-12 08:40:56 +02:00 · cf6da719c0
parent faa1c628b7
commit cf6da719c0
2 changed files with 33 additions and 25 deletions
--- a/misconfiguration/hadoop-unauth-rce.yaml
+++ b/misconfiguration/hadoop-unauth-rce.yaml
@ -0,0 +1,33 @@
+id: hadoop-unauth-rce
+
+info:
+  name: Apache Hadoop - Yarn ResourceManager Remote Code Execution
+  author: pdteam,Couskito
+  severity: critical
+  description: |
+    An unauthenticated Hadoop Resource Manager was discovered, which allows remote code execution by design.
+  reference:
+    - http://archive.hack.lu/2016/Wavestone%20-%20Hack.lu%202016%20-%20Hadoop%20safari%20-%20Hunting%20for%20vulnerabilities%20-%20v1.0.pdf
+    - https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/hadoop_unauth_exec.rb
+    - https://github.com/vulhub/vulhub/tree/master/hadoop/unauthorized-yarn
+    - https://github.com/Al1ex/Hadoop-Yarn-ResourceManager-RCE
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 9.8
+    cwe-id: CWE-306
+  tags: apache,hadoop,unauth,rce
+
+requests:
+  - method: POST
+    path:
+      - "{{BaseURL}}/ws/v1/cluster/apps/new-application"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - '"application-id"'
+
+      - type: status
+        status:
+          - 200
--- a/misconfiguration/hadoop-unauth.yaml
+++ b/misconfiguration/hadoop-unauth.yaml
@ -1,25 +0,0 @@
-id: hadoop-unauth
-
-info:
-  name: Apache Hadoop Unauth
-  author: pdteam
-  severity: low
-  tags: apache,hadoop,unauth
-
-requests:
-  - method: GET
-    path:
-      - '{{BaseURL}}/ws/v1/cluster/info'
-      - '{{BaseURL}}/ws/v1/cluster/apps/new-application'
-
-    matchers-condition: or
-    matchers:
-      - type: word
-        words:
-          - 'hadoopVersion'
-          - 'resourceManagerVersionBuiltOn'
-        condition: and
-
-      - type: word
-        words:
-          - 'javax.ws.rs.WebApplicationException'