CVE-2018-9159

MEDIUM

sparkjava/spark < 2.7.2 - Path Traversal via File URL

Title source: llm

Exploitation Summary

EIP tracks 4 public repositories for CVE-2018-9159: 2 working PoCs and 2 writeups that carry no exploit code. Published by dawetmaster, andikahilmy, shoucheng3.

AI-analyzed exploit summary The working PoC repositories package a vulnerable build of the Spark Java web framework together with example requests that read unintended static files through directory traversal sequences and file: URLs. The impact is disclosure of files reachable from the static-file handler (CVSS C:L/I:N/A:N); no code execution is involved.

Description

In Spark before 2.7.2, a remote attacker can read unintended static files via various representations of absolute or relative pathnames, as demonstrated by file: URLs and directory traversal sequences. NOTE: this product is unrelated to Ignite Realtime Spark.
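The description names three representations that reached the static-file resolver unchecked: relative traversal sequences, absolute pathnames, and file: URLs. The block below is an added example, not Spark's code and not the fix shipped in 2.7.2: a minimal resolver that maps a request path onto a static root and refuses anything that does not canonicalize to a location under that root, plus a generator for the request variants a tester would send against a target. The static root, its files, and the /etc/passwd target are constructed for the demonstration.

```python
from __future__ import annotations

import os
import tempfile
from pathlib import Path
from typing import Optional
from urllib.parse import unquote


def canonical_target(root: Path, request_path: str) -> Optional[Path]:
    """Map a request path onto a location under `root`, or return None.

    This is the check a static-file handler needs before it touches the
    filesystem or a class loader. Added example; not Spark's own code.
    """
    # Decode twice: a server decodes once before routing, and a
    # double-encoded "%252e%252e" must be judged on its final form.
    decoded = unquote(unquote(request_path))

    # Treat backslashes as separators so "..\\" cannot bypass the check.
    decoded = decoded.replace("\\", "/")

    # The request path is relative to the static root by definition, so an
    # absolute pathname ("/etc/passwd") is anchored under root, never used
    # as a filesystem path.
    relative = decoded.lstrip("/")

    # No legitimate static path contains a colon. It is the one character
    # every URL scheme ("file:", "jar:") and Windows drive ("C:") needs, and
    # an absolute spec handed to java.net.URL(context, spec) replaces the
    # context entirely; refusing the colon closes that route.
    if ":" in relative:
        return None

    root = root.resolve()
    # resolve() collapses ".." and follows symlinks, so the real target is
    # known here rather than discovered at open() time.
    candidate = (root / relative).resolve()
    if candidate != root and root not in candidate.parents:
        return None
    return candidate


def resolve_static(root: Path, request_path: str) -> Optional[Path]:
    """Return the file to serve, or None if the request must be refused."""
    target = canonical_target(root, request_path)
    if target is None or not target.is_file():
        return None
    return target


def traversal_candidates(target: str) -> list[str]:
    """Request paths naming `target` (an absolute file outside the static
    root) in the representations the advisory lists: traversal sequences,
    absolute pathnames and file: URLs, plus encoded spellings of each."""
    stripped = target.lstrip("/")
    climb = "../" * 8
    return [
        "/" + climb + stripped,                                    # plain ../
        "/" + climb.replace("../", "..%2f") + stripped,            # encoded slash
        "/" + climb.replace("../", "%2e%2e/") + stripped,          # encoded dots
        "/" + climb.replace("../", "%252e%252e%252f") + stripped,  # double-encoded
        "/" + climb.replace("../", "..\\") + stripped,             # backslash separator
        target,                                                    # absolute pathname
        "/file:" + target,                                         # file: URL
        "/file://" + target,                                       # file: URL, host form
    ]


def build_demo_root() -> Path:
    """Create a constructed static root: index.html, css/site.css, and a
    symlink `leak` that points at a file created outside the root."""
    root = Path(tempfile.mkdtemp(prefix="static-root-"))
    (root / "index.html").write_text("<h1>hello</h1>\n")
    (root / "css").mkdir()
    (root / "css" / "site.css").write_text("body{}\n")
    outside = Path(tempfile.mkdtemp(prefix="outside-")) / "secret.txt"
    outside.write_text("not for the web\n")
    try:
        os.symlink(outside, root / "leak")
    except OSError:
        pass  # platforms without symlink support simply skip that case
    return root


if __name__ == "__main__":
    demo_root = build_demo_root()
    probes = ["/index.html", "/css/../index.html", "/leak"]
    for req in probes + traversal_candidates("/etc/passwd"):
        print(f"{req!r:48} -> {resolve_static(demo_root, req)}")
```

Two design points are worth noting. An absolute pathname is not rejected; it is anchored under the root, which is the only meaning a request path can have. And the check is done on the canonical target rather than by scanning for "..", so "/css/../index.html" is served while a symlink inside the root that points outside it is refused. The same shape in Java is Path.normalize() or toRealPath() followed by startsWith(root).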

Exploits (4)

nomisec WORKING POC
by dawetmaster · poc
https://github.com/dawetmaster/CVE-2018-9159-perwendel-spark-vulnerable

This repository contains a vulnerable version of the Spark Java web framework, specifically demonstrating CVE-2018-9159. The code includes a full implementation of the framework with examples that can be used to exploit the vulnerability: the static-file handler accepts traversal sequences and file: URLs in request paths, allowing unintended static files to be read.

Classification
Working Poc 90%
Attack Type
Path Traversal
Complexity
Moderate
Reliability
Reliable
Target: Spark Java web framework (version 1.0)
No auth needed
Prerequisites: Java runtime environment · Network access to the target Spark application
devstral-2 · analyzed Mar 14, 2026
nomisec WORKING POC
by andikahilmy · poc
https://github.com/andikahilmy/CVE-2018-9159-perwendel-spark-vulnerable

This repository contains a vulnerable version of the Spark Java web framework, specifically demonstrating CVE-2018-9159. The code includes a full implementation of the framework with examples that can be used to reproduce the vulnerability: the static-file handler accepts traversal sequences and file: URLs in request paths, allowing unintended static files to be read.

Classification
Working Poc 90%
Attack Type
Path Traversal
Complexity
Moderate
Reliability
Reliable
Target: Spark Java web framework (version 1.0)
No auth needed
Prerequisites: Network access to the target application · Ability to send crafted HTTP requests
devstral-2 · analyzed Feb 18, 2026
nomisec WRITEUP
by shoucheng3 · poc
https://github.com/shoucheng3/perwendel__spark_CVE-2018-9159_2_7_2_fixed

This repository contains documentation and examples for the Spark Java web framework, including a mention of CVE-2018-9159 but no actual exploit code. It provides usage examples and highlights a vulnerability in older versions of Spark.

Classification
Writeup 90%
Attack Type
Other
Complexity
Trivial
Reliability
Theoretical
Target: Spark Java web framework (versions lower than 2.7.2)
No auth needed
Prerequisites: None
devstral-2 · analyzed Feb 16, 2026
nomisec WRITEUP
by shoucheng3 · poc
https://github.com/shoucheng3/perwendel__spark_CVE-2018-9159_2-7-1

This repository appears to be a fork of the Spark Java web framework, with a README describing the framework and its usage. There is no exploit code or PoC for CVE-2018-9159 present in the provided files.

Classification
Writeup 90%
Attack Type
Other
Complexity
Trivial
Reliability
Theoretical
Target: Spark Java web framework (versions lower than 2.7.2)
No auth needed
devstral-2 · analyzed Feb 16, 2026

References (7)

Core References
Issue Tracking, Third Party Advisory: https://github.com/perwendel/spark/issues/981
Third Party Advisory, Vendor Advisory (Red Hat): https://access.redhat.com/errata/RHSA-2018:2020
Third Party Advisory, Vendor Advisory (Red Hat): https://access.redhat.com/errata/RHSA-2018:2405
Vendor Advisory: http://sparkjava.com/news#spark-272-released

Scores

CVSS v3 5.3
EPSS 0.0079
EPSS Percentile 74.4%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-22
Status published
Products (2)
com.sparkjava/spark-core < 2.7.2 (Maven)
sparkjava/spark < 2.7.2
Published Mar 31, 2018
Tracked Since Feb 18, 2026