Apache Storm Logviewer Daemon File Disclosure Vulnerability

Apache Storm Logviewer Daemon File Disclosure Vulnerability

CVE-2019-0202 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

The Apache Storm Logviewer daemon exposes HTTP-accessible endpoints to read/search log files on hosts running Storm. In Apache Storm versions 0.9.1-incubating to 1.2.2, it is possible to read files off the host's file system that were not intended to be accessible via these endpoints.

Learn more about our Cis Benchmark Audit For Apache Http Server.