Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Apache ZooKeeper Unauthorized Access Vulnerability

Description

Apache ZooKeeper is an effort to develop and maintain an open-source server which enables highly reliable distributed coordination.

Apache ZooKeeper is designed to be accessed by trusted clients inside trusted environments. It's not recommended to have Apache ZooKeeper service publicly accessible.

Remediation

It's recommended to restrict access to this service in production systems.

References

ZooKeeper Security

Related Vulnerabilities

WordPress Plugin Popup Maker-Popup for opt-ins, lead gen, & more Multiple Vulnerabilities (1.17.1)

WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2019-17671)

RethinkDB administrative interface publicly exposed

ASP.NET diagnostic page

Python Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-1015)

Severity

Medium

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration