Description
Directory traversal vulnerability in the log viewer in Apache Storm 0.9.0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to log.
References (2)
Various Sources, mailing-list (x_refsource_mlist): https://mail-archives.apache.org/mod_mbox/storm-dev/201404.mbox/%3CJIRA.12704141.1395964296891.201561.1398799995645%40arcas%3E
Issue Tracking, Patch, Vendor Advisory (x_refsource_confirm): https://issues.apache.org/jira/browse/STORM-269
Scores
CVSS v3: 7.5
EPSS: 0.0077
EPSS Percentile: 73.9%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE: CWE-22
Status: published
Products (2)
apache/storm: 0.9.0.1
org.apache.storm/storm: 0 Maven
Published: Oct 30, 2017
Tracked Since: Feb 18, 2026