From 06a0634828afd25f4ef271a08d3c9215fced6461 Mon Sep 17 00:00:00 2001
From: Tod Beardsley <tod_beardsley@rapid7.com>
Date: Mon, 16 Nov 2020 11:31:59 -0600
Subject: [PATCH 1/2] Describe the Hadoop vuln as not-a-vuln clearly

---
 modules/exploits/linux/http/hadoop_unauth_exec.rb | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/modules/exploits/linux/http/hadoop_unauth_exec.rb b/modules/exploits/linux/http/hadoop_unauth_exec.rb
index eaa623054f..e590e442f6 100644
--- a/modules/exploits/linux/http/hadoop_unauth_exec.rb
+++ b/modules/exploits/linux/http/hadoop_unauth_exec.rb
@@ -14,7 +14,8 @@ class MetasploitModule < Msf::Exploit::Remote
     super(update_info(info,
       'Name'           => 'Hadoop YARN ResourceManager Unauthenticated Command Execution',
       'Description'    => %q{
-          This module exploits an unauthenticated command execution vulnerability in Apache Hadoop through ResourceManager REST API.
+          This module uses built-in functionality to execute arbitrary commands on an unsecured Hadoop server which is not configured for strong
+          authentication, via Hadoop's standard ResourceManager REST API.
       },
       'License'        => MSF_LICENSE,
       'Author'         =>
@@ -26,6 +27,7 @@ class MetasploitModule < Msf::Exploit::Remote
         [
           ['URL', 'http://archive.hack.lu/2016/Wavestone%20-%20Hack.lu%202016%20-%20Hadoop%20safari%20-%20Hunting%20for%20vulnerabilities%20-%20v1.0.pdf'],
           ['URL', 'https://github.com/vulhub/vulhub/tree/master/hadoop/unauthorized-yarn']
+          # Note, there will never be a CVE for this issue, unless something radical changes in the CVE inclusion rules.
         ],
       'Platform'       => 'linux',
       'Arch'           => [ARCH_X86, ARCH_X64],
@@ -34,7 +36,7 @@ class MetasploitModule < Msf::Exploit::Remote
           ['Automatic', {}]
         ],
       'Privileged'     => false,
-      'DisclosureDate' => 'Oct 19 2016',
+      'DisclosureDate' => '2016-10-19',
       'DefaultTarget'  => 0
     ))
 

From 0feff932f212823309283b17231182c61dc32c9e Mon Sep 17 00:00:00 2001
From: Tod Beardsley <tod_beardsley@rapid7.com>
Date: Mon, 16 Nov 2020 11:38:00 -0600
Subject: [PATCH 2/2] Change docs to reflect the truth of the "vuln"

---
 .../modules/exploit/linux/http/hadoop_unauth_exec.md          | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/documentation/modules/exploit/linux/http/hadoop_unauth_exec.md b/documentation/modules/exploit/linux/http/hadoop_unauth_exec.md
index 450bfa6e25..546470dca1 100644
--- a/documentation/modules/exploit/linux/http/hadoop_unauth_exec.md
+++ b/documentation/modules/exploit/linux/http/hadoop_unauth_exec.md
@@ -1,6 +1,7 @@
 ## Description
 
-This module exploits an unauthenticated command execution vulnerability in Apache Hadoop through ResourceManager REST API.
+This module uses built-in functionality to execute arbitrary commands on an unsecured Hadoop server which is
+not configured for strong authentication, via Hadoop's standard ResourceManager REST API.
 
 ## Vulnerable Application
 
@@ -14,7 +15,6 @@ https://github.com/vulhub/vulhub/tree/master/hadoop/unauthorized-yarn
 
 Change dictory to `vulhub/hadoop/unauthorized-yarn`, and run `docker-compose up -d`
 
-
 ## Verification Steps
 
   1. Install the application