Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

Unauthenticated Spark REST API

By kannthu

Vidoc logoVidoc Module
Author: princechaddha Classification CWE-ID: CWE-77 CVSS-Metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS-Score: 10 The Spark product's REST API interface allows access to unauthenticated users. Reference - Remediation Restrict access the exposed API ports. Metadata max-request: 1

Module preview

Concurrent Requests (1)
1. HTTP Request template
Matching conditions
status: 400and
word: Missing an action, serverSparkVersion
Passive global matcher
No matching conditions.
On match action
Report vulnerability