SonicALERT
Search

Sonicwall Signatures

 

Go to All Categories list.


  Apache Storm getTopologyHistory Command Injection

Category: MISC      

A Command Injection vulnerability exists in the getTopologyHistory service of the Apache Storm 2.x prior to 2.2.1 and Apache Storm 1.x prior to 1.2.4. A specially crafted thrift request to the Nimbus server allows Remote Code Execution (RCE) prior to authentication.

References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6026


Relevant Information