Land #14396, hadoop_unauth_exec clarification
This commit is contained in:
William Vu
@@ -1,6 +1,7 @@
|
||||
## Description
|
||||
|
||||
This module exploits an unauthenticated command execution vulnerability in Apache Hadoop through ResourceManager REST API.
|
||||
This module uses built-in functionality to execute arbitrary commands on an unsecured Hadoop server which is
|
||||
not configured for strong authentication, via Hadoop's standard ResourceManager REST API.
|
||||
|
||||
## Vulnerable Application
|
||||
|
||||
@@ -14,7 +15,6 @@ https://github.com/vulhub/vulhub/tree/master/hadoop/unauthorized-yarn
|
||||
|
||||
Change dictory to `vulhub/hadoop/unauthorized-yarn`, and run `docker-compose up -d`
|
||||
|
||||
|
||||
## Verification Steps
|
||||
|
||||
1. Install the application
|
||||
|
||||
Reference in New Issue
Block a user