Directory traversal vulnerability in the log viewer in Apache Storm 0.9.0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to log.
References
Link | Resource |
---|---|
https://issues.apache.org/jira/browse/STORM-269 | Issue Tracking Patch Vendor Advisory |
https://mail-archives.apache.org/mod_mbox/storm-dev/201404.mbox/%3CJIRA.12704141.1395964296891.201561.1398799995645%40arcas%3E |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2017-10-30T16:00:00
Updated: 2017-10-30T15:57:02
Reserved: 2013-12-03T00:00:00
Link: CVE-2014-0115
JSON object: View
NVD Information
Status : Modified
Published: 2017-10-30T16:29:00.317
Modified: 2023-11-07T02:18:09.640
Link: CVE-2014-0115
JSON object: View
Redhat Information
No data.
CWE