Automate Recon and scanning process with Vidoc. All security teams in one place
The "Apache Hadoop YARN ResourceManager - Remote Code Execution" module is designed to detect vulnerabilities in the Apache Hadoop YARN ResourceManager software. This module specifically targets a remote code execution vulnerability, which allows an attacker to execute malicious code on the targeted system. The severity of this vulnerability is classified as critical, with a CVSS score of 9.8.
This module was authored by pdteam and Couskito.
If successfully exploited, this vulnerability can have severe consequences. An attacker can execute malware, gain unauthorized access to sensitive information, modify data, and potentially take control of the affected system.
The module works by sending HTTP requests to the Apache Hadoop YARN ResourceManager. One example of an HTTP request sent by the module is a POST request to the path "/ws/v1/cluster/apps/new-application". The module then applies matching conditions to the response received from the server to determine if the vulnerability is present.
The matching conditions used by this module include checking if the response contains the phrase "application-id" and if the response status is 200. These conditions are used to identify the presence of the vulnerability.