spark-webui-unauth: Spark WebUI Unauthenticated

Date: 2025-09-01 | Affected software: Unknown | PoC: Public

Vulnerability description

Apache Spark WebUI Unauthenticated

PoC code [public]

id: spark-webui-unauth
info:
  name: Spark WebUI Unauthenticated
  author: princechaddha
  severity: medium
  verified: false
  reference:
    - https://github.com/vulhub/vulhub/tree/master/spark/unacc
    - https://www.secpod.com/blog/unauthenticated-access-to-apache-spark-web-ui/
  description: |-
    Apache Spark WebUI Unauthenticated
  tags: spark,webui,unauth
  created: 2023/07/07

rules:
  r0:
    request:
      method: GET
      path: /
    expression: response.status == 200 && response.body.bcontains(b"<title>Spark Master at spark://") && response.body.bcontains(b"<strong>URL:</strong>")
expression: r0()