Apache Storm UI Deserialization Vulnerability

CVE-2018-11779 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

In Apache Storm versions 1.1.0 to 1.2.2, when the storm-kafka-client or storm-kafka modules are in use, it is possible to cause the Storm UI daemon to deserialize user-provided bytes into a Java class.
