Apache Hadoop YARN ResourceManager - Remote Code Execution

By kannthu

Critical
Vidoc Module
#vulhub #apache #hadoop #unauth #rce
Description

What is "Apache Hadoop YARN ResourceManager - Remote Code Execution"?

The "Apache Hadoop YARN ResourceManager - Remote Code Execution" module is designed to detect vulnerabilities in the Apache Hadoop YARN ResourceManager software. This module specifically targets a remote code execution vulnerability, which allows an attacker to execute malicious code on the targeted system. The severity of this vulnerability is classified as critical, with a CVSS score of 9.8.

This module was authored by pdteam and Couskito.

Impact

If successfully exploited, this vulnerability can have severe consequences. An attacker can execute malware, gain unauthorized access to sensitive information, modify data, and potentially take control of the affected system.

How does the module work?

The module works by sending HTTP requests to the Apache Hadoop YARN ResourceManager. One example of an HTTP request sent by the module is a POST request to the path "/ws/v1/cluster/apps/new-application". The module then applies matching conditions to the response received from the server to determine if the vulnerability is present.

The matching conditions used by this module include checking if the response contains the phrase "application-id" and if the response status is 200. These conditions are used to identify the presence of the vulnerability.
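The same request can be watched for from the defender's side. The following is an added example, not part of the Vidoc module: it scans HTTP request logs for POST requests to the module's path that were answered with status 200 for an unauthenticated client outside the networks expected to submit jobs. It assumes the requests are logged in NCSA common log format; the trusted network and the sample log lines are constructed.

```python
import ipaddress
import re

# Path and success status taken from the module's request and matcher.
PROBE_PATH = "/ws/v1/cluster/apps/new-application"

# Assumption: networks allowed to submit YARN applications (constructed value).
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/24")]

# NCSA common log format: host ident user [time] "METHOD path proto" status size
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

def is_trusted(src):
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # hostnames or garbage in the source field are not trusted
    return any(addr in net for net in TRUSTED_NETS)

def find_unauthenticated_app_requests(lines):
    """Return log entries where an untrusted, unauthenticated client
    obtained a new application ID (POST to PROBE_PATH answered with 200)."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not request-log entries
        path = m["path"].split("?", 1)[0].rstrip("/")
        if (m["method"] == "POST" and path == PROBE_PATH
                and m["status"] == "200" and m["user"] == "-"
                and not is_trusted(m["src"])):
            hits.append({"src": m["src"], "time": m["ts"]})
    return hits

# Constructed sample log lines (documentation address ranges).
SAMPLE_LOG = [
    '10.20.0.15 - - [12/Mar/2024:09:14:02 +0000] "POST /ws/v1/cluster/apps/new-application HTTP/1.1" 200 312',
    '203.0.113.7 - - [12/Mar/2024:09:15:40 +0000] "POST /ws/v1/cluster/apps/new-application HTTP/1.1" 200 312',
    '203.0.113.7 - - [12/Mar/2024:09:15:41 +0000] "GET /ws/v1/cluster/info HTTP/1.1" 200 540',
    '198.51.100.9 - - [12/Mar/2024:09:16:05 +0000] "POST /ws/v1/cluster/apps/new-application HTTP/1.1" 401 0',
    '198.51.100.23 - alice [12/Mar/2024:09:17:30 +0000] "POST /ws/v1/cluster/apps/new-application?x=1 HTTP/1.1" 200 312',
]

if __name__ == "__main__":
    for hit in find_unauthenticated_app_requests(SAMPLE_LOG):
        print(f"{hit['time']}  {hit['src']}  unauthenticated new-application request succeeded")
```

A 401 response or an authenticated user in the log entry means the endpoint did not satisfy the module's conditions for an anonymous client, so those lines are not reported.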

Module preview

Concurrent Requests (1)
1. HTTP Request template
POST /ws/v1/cluster/apps/...
Matching conditions
word: "application-id" and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability