CVE-2022-2053 - Undertow AJP DoS Vulnerability via Malicious POST Requests
Published: June 2022
Fixed in: Undertow 2.2.19.Final, 2.3.0.Alpha2
Severity: Moderate
CWE: CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion')
CVE-2022-2664 A critical vulnerability has been found in Private Cloud Management Platform. The affected function is unknown.
In the case of remote access, the attacker can try to exploit the vulnerability by convincing the user to open a remote link or by
CVE-2022-25168 The Apache Hadoop FileUtil.unTar API does not escape input file names, allowing an attacker to inject commands.
HADOOP-18140 (SPARK-17969): "Tar of compressed files (zipped, gzipped) fails with 'File exists' exception" has been fixed in Apache Spark 1.0.
CVE-2022-33891 ACLs can be enabled via the configuration option spark.acls.enable. An authentication filter checks whether a user has access permissions to the application.
There is no known way to exploit this vulnerability if Apache Spark is installed with a different user name than the one configured on the
CVE-2022-33980 The Apache Commons Configuration module performs variable interpolation, expanding properties.
or a later version. Apache Commons Configuration supports interpolation of various data types, such as date and number formats. The format for interpolation of date