
DETECTION OVERVIEW

Apache Spark Exploit Attempt - CVE-2022-33891

Risk Factors

This vulnerability is well known, and public exploit code is available. An unauthenticated attacker could gain complete control of a device and find an entry point for further attacks on your network.

Kill Chain

Exploitation

Risk Score

83


Attack Background

Apache Spark is an open-source analytics engine for large-scale data processing. Users can authenticate through the Spark web interface to connect to other servers. To help manage authentication, Spark includes an option, spark.acls.enable, which enables users to configure access control lists (ACLs). When this option is enabled, Spark has a vulnerability that allows an attacker to send malicious commands to connected servers through the Spark web interface. To exploit this vulnerability, the attacker replaces a username with a malicious command in the query or form parameter, ?doAs=, within an HTTP GET request. The malicious command runs on the connected server.
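The check below is an added example, not RevealX detection logic or Apache Spark code. It flags requests whose doAs value, in the query string or a form body, is anything other than a plain username. The username pattern, the function names, and the sample requests are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Assumption: legitimate doAs values are plain account names.
# Adjust the pattern to the naming scheme your directory actually uses.
SAFE_USERNAME = re.compile(r"[A-Za-z0-9._@-]{1,64}")


def suspicious_doas(method, target, body=""):
    """Return decoded doAs values that do not look like a username.

    Checks the query string and, for POST requests, the
    application/x-www-form-urlencoded body.
    """
    values = parse_qs(urlsplit(target).query, keep_blank_values=True).get("doAs", [])
    if method.upper() == "POST" and body:
        values = values + parse_qs(body, keep_blank_values=True).get("doAs", [])
    return [v for v in values if not SAFE_USERNAME.fullmatch(v)]


def scan(requests):
    """Return (method, target, flagged_values) for each request worth an alert."""
    alerts = []
    for method, target, body in requests:
        flagged = suspicious_doas(method, target, body)
        if flagged:
            alerts.append((method, target, flagged))
    return alerts


# Constructed sample requests: (method, request target, form body).
SAMPLE_REQUESTS = [
    ("GET", "/jobs/?doAs=alice", ""),
    ("GET", "/stages/?id=3", ""),
    ("GET", "/jobs/?doAs=alice%3Becho%20constructed", ""),
    ("POST", "/jobs/", "doAs=%24%28constructed%29"),
]

if __name__ == "__main__":
    for method, target, flagged in scan(SAMPLE_REQUESTS):
        print(f"ALERT {method} {target} doAs={flagged!r}")
```

A match indicates an attempt, not a successful compromise; whether the command could run depends on the Spark version and on whether spark.acls.enable is set.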

Mitigation Options

Upgrade to Apache Spark maintenance release 3.1.3, 3.2.2, 3.3.0, or later

MITRE ATT&CK ID
