Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Apache Spark Master Unauthorized Access Vulnerability

Description

Apache Spark is an open-source distributed general-purpose cluster-computing framework.

Spark Master port is designed to be accessed by trusted clients inside trusted environments. It's not recommended to have Apache Spark's services publicly accessible.

Remediation

It's recommended to restrict access to Apache Spark Master port

References

Apache Spark Security

Related Vulnerabilities

Code Execution via WebDav

Spring Boot Misconfiguration: Overly long session timeout

MySQL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-10268)

WordPress Plugin Count per Day Information Disclosure (3.2.5)

Plone CMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-21336)

Severity

High

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

Configuration