Unauthenticated Spark REST API

By kannthu

Critical
Vidoc Module
Tags: #spark #unauth
Description
Author: princechaddha
Classification: CWE-ID: CWE-77
CVSS-Metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CVSS-Score: 10
The Spark product's REST API interface allows access to unauthenticated users.
Reference: https://xz.aliyun.com/t/2490
Remediation: Restrict access to the exposed API ports.
Metadata: max-request: 1

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /v1/submissions
Matching conditions (both must hold):
status: 400
word: Missing an action, serverSparkVersion
Passive global matcher
No matching conditions.
On match action
Report vulnerability