Apache REST RCE CVE-2018-11770 - Vulnerability Database

Apache REST RCE CVE-2018-11770

Description

Apache Spark is an open-source distributed general-purpose cluster-computing framework.

Spark REST is designed to be accessed by trusted clients inside trusted environments. It's not recommended to have Apache Spark's services publicly accessible.

Remediation

It's recommended to restrict access to Apache Spark REST port

References

Apache Spark Security

Related Vulnerabilities

Severity

High

Classification

CVE-2018-11770

CWE-94

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N