vulnerability

Gentoo Linux: CVE-2018-17190: Apache: Multiple vulnerabilities

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
8	(AV:N/AC:L/Au:N/C:P/I:P/A:P)	Nov 19, 2018	Mar 29, 2019	Nov 27, 2024

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:P)

Published

Nov 19, 2018

Added

Mar 29, 2019

Modified

Nov 27, 2024

Description

In all versions of Apache Spark, its standalone resource manager accepts code to execute on a 'master' host, that then runs that code on 'worker' hosts. The master itself does not, by design, execute user code. A specially-crafted request to the master can, however, cause the master to execute code too. Note that this does not affect standalone clusters with authentication enabled. While the master host typically has less outbound access to other resources than a worker, the execution of code on the master is nevertheless unexpected.

Solution

gentoo-linux-upgrade-www-servers-apache

References

CVE-2018-17190
https://attackerkb.com/topics/CVE-2018-17190
GENTOO-201903-21

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today