Vulnerability description
Detects an exposed PySparkShell application UI served by Apache Spark on port 4040. The UI should not be exposed to the internet, as it may leak sensitive job and cluster information.
id: apachespark-ui-exposed

info:
  name: Apache Spark Application UI - Exposed
  author: ritikchaddha
  severity: medium
  description: |
    Detects exposed PySparkShell Application UI by Apache Spark on port 4040. The UI should not be exposed to the internet as it may leak sensitive job and cluster information.
  reference:
    - https://spark.apache.org/docs/latest/web-ui.html
  metadata:
    verified: true
    max-request: 1
    vendor: apache
    product: spark
    shodan-query: title:"spark master at"
    fofa-query: title="spark master at"
  tags: spark,pyspark,ui,exposed,panel,apache,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/jobs/"
      - "{{BaseURL}}:4040/jobs/"

    stop-at-first-match: true
    matchers-condition: and
    matchers:
      - type: word
        words:
          - "Spark Jobs"
          - "application UI"
        condition: and

      - type: status
        status:
          - 200
# digest: 4a0a00473045022033965f5fadacf9c51b712986e19b1282c3eae2bc67ba1f46eddc380e60b5175c022100e92c975a0736a5c165ed64f2ffa2d6470220d496972763d5ffecc6506c1bfcc9:922c64590222798bb761d5b6d8e72950
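The matcher logic of the template above, re-implemented in Python as an added example (not code from the template or from Nuclei) so that an operator can self-check a Spark host they own: both words must be present and the status must be 200, the two paths are tried in order, and evaluation stops at the first hit. The host name and the response bodies below are constructed, not captured from a real deployment.

```python
"""Evaluate the apachespark-ui-exposed matchers against sample responses."""
from typing import Dict, Optional, Tuple

# Mirrors the template: words matcher with condition "and", status matcher 200,
# matchers-condition "and", and the two candidate paths in template order.
WORDS = ("Spark Jobs", "application UI")
EXPECTED_STATUS = 200
PATHS = ("{{BaseURL}}/jobs/", "{{BaseURL}}:4040/jobs/")

Response = Tuple[int, str]  # (HTTP status, response body)


def matches(status: int, body: str) -> bool:
    """matchers-condition: and -> status is 200 AND every word appears in the body."""
    return status == EXPECTED_STATUS and all(word in body for word in WORDS)


def first_match(base_url: str, responses: Dict[str, Response]) -> Optional[str]:
    """stop-at-first-match: return the first URL whose response satisfies the matchers.

    `responses` maps a fully expanded URL to the (status, body) that was observed;
    URLs with no recorded response are treated as non-matching.
    """
    for template in PATHS:
        url = template.replace("{{BaseURL}}", base_url)
        if url in responses and matches(*responses[url]):
            return url
    return None


# Constructed sample responses (hypothetical host, bodies written by hand).
SAMPLE: Dict[str, Response] = {
    "http://spark.example/jobs/": (404, "Not Found"),
    "http://spark.example:4040/jobs/": (
        200,
        "<title>PySparkShell - Spark Jobs</title>"
        "<div>application UI for PySparkShell</div>",
    ),
}

if __name__ == "__main__":
    hit = first_match("http://spark.example", SAMPLE)
    print("exposed UI found at" if hit else "no exposed UI", hit or "")
```

A host that answers `/jobs/` with a redirect to a login page, or that does not answer at all because the UI is bound to a private interface, fails the status check and is reported as not exposed, which is the result an operator should expect to see after locking the UI down.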