Intrusion PreventionApache.Spark.getUnixGroups.Command.Injection
Description
This indicates an attack attempt to exploit a Command Injection Vulnerability in Apache Software Foundation Spark.
The vulnerability is due to errors in parsing user requests when the ACL is enabled. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successful exploitation of this vulnerability can result in the execution of arbitrary commands in the security context of the user running the vulnerable server.
Outbreak Alert
Zerobot is a Go-based botnet that spreads primarily through IoT and web application vulnerabilities. According to Fortinet research analysis the most recent distribution of Zerobot includes additional capabilities such a new DDoS attack capabilities and exploiting Apache vulnerabilities.
Affected Products
Apache Software Foundation Spark prior to 3.1.3
Apache Software Foundation Spark prior to 3.2.2
Apache Software Foundation Spark prior to 3.3.0
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://lists.apache.org/thread/p847l3kopoo5bjtmxrcwk21xp6tjxqlc
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2023-10-26 | 25.666 | Sig Added |
| 2022-10-13 | 22.413 | Sig Added |
| 2022-09-07 | 22.387 | Default_action:pass:drop |
| 2022-08-09 | 21.370 |
| ID | 51924 |
| Created | Jul 26, 2022 |
| Updated | Oct 26, 2023 |
| Outbreak Alert | Zerobot Attack |
| Risk |
|
| CVE ID | CVE-2022-33891 CVE-2023-32007 |
| Known Exploited | Yes |
| Exploit Prediction Score | 97.29% |
| Default Action | drop |
| Active | |
| Affected OS | Windows, Linux |
| Affected App | Apache |