Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Apache Flume vulnerable to a JNDI RCE in JMSSource
Vulnerability Description
Apache Flume versions 1.4.0 through 1.9.0 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI to allow only the use of the java protocol or no protocol.
CVSS Information
N/A
Vulnerability Type
输入验证不恰当
Vulnerability Title
Apache Flume 安全漏洞
Vulnerability Description
Apache Flume是美国阿帕奇(Apache)基金会的一种分布式、可靠且可用的服务。用于高效收集、聚合和移动大量日志数据。 Apache Flume 1.4.0版本至1.9.0之前版本存在安全漏洞,该漏洞源于配置使用带有 JNDI LDAP 数据源 URI 的 JMS 源导致容易受到远程代码执行 (RCE) 攻击。
CVSS Information
N/A
Vulnerability Type
N/A