CVE-2017-7678 in Sparkinfo

Zusammenfassung

von MITRE

In Apache Spark before 2.2.0, it is possible for an attacker to take advantage of a user's trust in the server to trick them into visiting a link that points to a shared Spark cluster and submits data including MHTML to the Spark master, or history server. This data, which could contain a script, would then be reflected back to the user and could be evaluated and executed by MS Windows-based clients. It is not an attack on Spark itself, but on the user, who may then execute the script inadvertently when viewing elements of the Spark web UIs.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Reservieren

11.04.2017

Veröffentlichung

12.07.2017

Moderieren

akzeptiert

Eintrag

VDB-103492

CPE

bereit

CWE

CWE-79 (bestätigt)

CVSS

6.1 (NVD)

EPSS

0.01421

KEV

nein

Aktivitäten

very low

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2017-7678
NVD	https://nvd.nist.gov/vuln/detail/CVE-2017-7678
CVE Details	https://www.cvedetails.com/cve/CVE-2017-7678/

◂ Zurück Übersicht Weiter ▸

Interested in the pricing of exploits?

See the underground prices here!