CVE-2015-3188: Apache Storm remote code execution vulnerability
(updated )
The UI daemon in Apache Storm 0.10.0 before 0.10.0-beta1 allows remote attackers to execute arbitrary code via unspecified vectors.
References
- packetstormsecurity.com/files/132417/Apache-Storm-0.10.0-beta-Code-Execution.html
- github.com/advisories/GHSA-cg5h-q983-4rww
- github.com/apache/storm/blob/v0.10.0-beta1/SECURITY.md
- github.com/apache/storm/blob/v0.10.0-beta1/STORM-UI-REST-API.md
- nvd.nist.gov/vuln/detail/CVE-2015-3188
- web.archive.org/web/20151014213052/http://www.securitytracker.com/id/1032695
- web.archive.org/web/20171202122914/http://www.securityfocus.com/archive/1/535804/100/0/threaded
Code Behaviors & Features
Detect and mitigate CVE-2015-3188 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →