漏洞描述
Hadoop Yarn RPC存在未授权访问漏洞,此漏洞存在于Hadoop的核心组件Hadoop Yarn中,因HadoopYarn默认对外开放RPC服务,导致远程攻击者可利用此未授权漏洞并通过RPC服务执行任意命令,从而达到控制目标服务器的目的,鉴于此漏洞为高危状态,危害较大,且细节已公开、被在野利用,建议所有使用ApacheHadoop的用户及时进行自查并采取安全措施。
Hadoop Yarn RPC 未授权RCE PoC
PoC代码
暂无相关漏洞推荐
- hadoop-yarn-rpc-rce: Hadoop Yarn RPC RCE
- POC hadoop-yarn-unauth: Hadoop Yarn Unauth
- POC hadoop-unauth-rce: Apache Hadoop YARN ResourceManager - Remote Code Execution
- POC yarn-resourcemanager-rce: Apache Hadoop YARN ResourceManager - Remote Code Execution
- Hadoop YARN REST API 未授权访问导致远程代码执行漏洞
- Hadoop YARN ResourceManager 未授权访问
- Hadoop_YARN_ResourceManager log文件未授权访问
- Hadoop YARN ResourceManager-远程命令执行