CVE-2014-0115

Name of the Vulnerable Software and Affected Versions Apache Storm version 0.9.0.1

Description The issue is related to a directory traversal vulnerability in the log viewer of Apache Storm. This vulnerability allows remote attackers to read arbitrary files by using a .. (dot dot) in the file parameter to log. The vulnerability is caused by insufficient restrictions on the directory path name, which can be exploited by an attacker to access files outside the intended directory.

Recommendations For Apache Storm version 0.9.0.1, consider restricting access to the log viewer or disabling the feature until a patch is available. As a temporary workaround, avoid using the file parameter with .. (dot dot) sequences in the log viewer to minimize the risk of exploitation.