Arbitrary Code Execution Vulnerability in Apache Storm

Arbitrary Code Execution Vulnerability in Apache Storm

CVE-2018-1331 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

In Apache Storm 0.10.0 through 0.10.2, 1.0.0 through 1.0.6, 1.1.0 through 1.1.2, and 1.2.0 through 1.2.1, an attacker with access to a secure storm cluster in some cases could execute arbitrary code as a different user.

Learn more about our Cis Benchmark Audit For Apache Http Server.