Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Tue, 10 Jul 2018 10:31:48 -0500
From: Bobby Evans <>
Cc: Apache Security Team <>, 
	"" <>
Subject: CVE-2018-1331: Apache Storm remote code execution vulnerability

[PRODUCT]:Apache Storm
[VERSION]:Apache Storm 0.10.0 through 0.10.2, 1.0.0 through 1.0.6, 1.1.0
through 1.1.2, 1.2.0 through 1.2.1
[PROBLEMTYPE]:Remote Code Execution

An attacker with access to a secure storm cluster in some cases could
execute arbitrary code as a different user.

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ