Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
HTTP:APACHE:KYLIN-REST-CMD-INJ |
|---|---|
Severity |
Critical |
Recommended |
Yes |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Apache Kylin REST API Command Injection |
Release Date |
2020/07/07 |
Update Number |
3296 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
HTTP: Apache Kylin REST API Command Injection
This signature detects attempts to exploit a known vulnerability against Apache Kylin REST API. A successful attack can lead to command injection and arbitrary code execution.
Extended Description
Apache Kylin 2.3.0, and releases up to 2.6.5 and 3.0.1 has some restful apis which will concatenate os command with the user input string, a user is likely to be able to execute any os command without any protection or validation.
Affected Products
- Apache kylin 2.3.0
- Apache kylin 2.3.1
- Apache kylin 2.3.2
- Apache kylin 2.4.0
- Apache kylin 2.4.1
- Apache kylin 2.5.0
- Apache kylin 2.5.1
- Apache kylin 2.5.2
- Apache kylin 2.6.0
- Apache kylin 2.6.1
- Apache kylin 2.6.2
- Apache kylin 2.6.3
- Apache kylin 2.6.4
- Apache kylin 2.6.5
- Apache kylin 3.0.0
- Apache kylin 3.0.1
References