HomePentest-Tools.com Logo

Apache Hadoop Zip Slip Vulnerability CVE-2018-8009

Severity
CVSSv3 Score
8.8
Vulnerability description

Apache Hadoop is prone to the Zip Slip vulnerability.

Risk description

The vulnerability is exploited using a specially crafted archive that holds directory traversal filenames (e.g. ../../evil.sh). The Zip Slip vulnerability can affect numerous archive formats, including tar, jar, war, cpio, apk, rar and 7z. Zip Slip is a form of directory traversal that can be exploited by extracting files from an archive. The premise of the directory traversal vulnerability is that an attacker can gain access to parts of the file system outside of the target folder in which they should reside. The attacker can then overwrite executable files and either invoke them remotely or wait for the system or user to call them, thus achieving remote command execution on the victims machine. The vulnerability can also cause damage by overwriting configuration files or other sensitive resources, and can be exploited on both client (user) machines and servers.

Recommendation

Update to version 3.1.1, 3.0.3, 2.8.5 or 2.7.7 respectively.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Nov 13, 2018
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available