Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Tue, 10 Jul 2018 10:31:48 -0500
From: Bobby Evans <bobby@...che.org>
To: oss-security@...ts.openwall.com
Cc: Apache Security Team <security@...che.org>, 
	"private@...rm.apache.org" <private@...rm.apache.org>
Subject: CVE-2018-1331: Apache Storm remote code execution vulnerability

[CVEID]:CVE-2018-1331
[PRODUCT]:Apache Storm
[VERSION]:Apache Storm 0.10.0 through 0.10.2, 1.0.0 through 1.0.6, 1.1.0
through 1.1.2, 1.2.0 through 1.2.1
[PROBLEMTYPE]:Remote Code Execution
[REFERENCES]: http://storm.apache.org/2018/06/04/storm122-released.html
http://storm.apache.org/2018/06/04/storm113-released.html

An attacker with access to a secure storm cluster in some cases could
execute arbitrary code as a different user.

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ