Apache Storm Vulnerability: User Impersonation and Credential Compromise

Apache Storm Vulnerability: User Impersonation and Credential Compromise

CVE-2017-9799 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:N/A:N

It was found that under some situations and configurations of Apache Storm 1.x before 1.0.4 and 1.1.x before 1.1.1, it is theoretically possible for the owner of a topology to trick the supervisor to launch a worker as a different, non-root, user. In the worst case this could lead to secure credentials of the other user being compromised.

Learn more about our Cis Benchmark Audit For Apache Http Server.