Apache Hadoop YARN ResourceManager - Remote Code Execution

What is "Apache Hadoop YARN ResourceManager - Remote Code Execution?"

The "Apache Hadoop YARN ResourceManager - Remote Code Execution" module is designed to detect vulnerabilities in the Apache Hadoop YARN ResourceManager software. This vulnerability allows attackers to execute malicious code remotely, potentially leading to unauthorized access, data modification, and the compromise of sensitive information. The severity of this vulnerability is classified as low.

This module was authored by pdteam.

Impact

If exploited, the "Apache Hadoop YARN ResourceManager - Remote Code Execution" vulnerability can have serious consequences. Attackers can execute malware, gain unauthorized access to systems, obtain sensitive information, modify data, and potentially gain full control over compromised systems without the need for valid credentials.

How the module works?

The module works by sending HTTP requests to the targeted Apache Hadoop YARN ResourceManager software. One example of an HTTP request sent by this module is:

POST /ws/v1/cluster/apps/new-application

The module then applies matching conditions to the responses received from the targeted software. The matching conditions for this module include:

- Checking if the response contains the words "application-id" and "maximum-resource-capability". - Verifying that the response status is 200.

If all matching conditions are met, the module reports the vulnerability.

For more information, please refer to the reference.