Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | HIGH |
Integrity impact | HIGH |
Availability impact | HIGH |
network, low complexity, apache, critical, nessus
Published: 2018-11-19
Updated: 2023-11-07
Summary
In all versions of Apache Spark, its standalone resource manager accepts code to execute on a 'master' host, that then runs that code on 'worker' hosts. The master itself does not, by design, execute user code. A specially-crafted request to the master can, however, cause the master to execute code too. Note that this does not affect standalone clusters with authentication enabled. While the master host typically has less outbound access to other resources than a worker, the execution of code on the master is nevertheless unexpected.
Vulnerable Configurations
Part | Description | Count |
Application | Apache | 1 |
Nessus
NASL family | Gentoo Local Security Checks |
NASL id | GENTOO_GLSA-201903-21.NASL |
description | The remote host is affected by the vulnerability described in GLSA-201903-21 (Apache: Multiple vulnerabilities). Multiple vulnerabilities have been discovered in Apache. Please review the CVE identifiers referenced below for details. Impact: A remote attacker can possibly cause a Denial of Service condition or could bypass mod_session_cookie expiration time. Workaround: There is no known workaround at this time. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 123427 |
published | 2019-03-28 |
reporter | This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/123427 |
title | GLSA-201903-21 : Apache: Multiple vulnerabilities |