Apache Storm UI Deserialization Vulnerability
CVE-2018-11779 · HIGH Severity
CVSS v2 vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
In Apache Storm versions 1.1.0 to 1.2.2, when the user is using the storm-kafka-client or storm-kafka modules, it is possible to cause the Storm UI daemon to deserialize user-provided bytes into a Java class.