8.8

CVSS Score

3.0

Basic Information

CVE ID

CVE-2017-9799

GHSA ID

GHSA-x825-rjww-2245

EPSS Score

0.74476%

CWE

Published

10/17/2018

Updated

1/9/2023

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2017-9799

CVE-2017-9799: Apache Storm it is possible for the owner of a topology to trick the supervisor to launch a worker as a different, non-root, user

It was found that under some situations and configurations of Apache Storm 1.x before 1.0.4 and 1.1.x before 1.1.1, it is theoretically possible for the owner of a topology to trick the supervisor to launch a worker as a different, non-root, user. In the worst case this could lead to secure credentials of the other user being compromised.

(GitHub Advisory)

8.8

CVSS Score

3.0

Basic Information

CVE ID

CVE-2017-9799

GHSA ID

GHSA-x825-rjww-2245

EPSS Score

0.74476%

CWE

Published

10/17/2018

Updated

1/9/2023

KEV Status

Technology

Java

Technical Details

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.apache.storm:storm-core	maven	= 1.1.0	1.1.1
org.apache.storm:storm-core	maven	>= 1.0.0, < 1.0.4	1.0.4

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from improper stream handling in Nimbus' downloadChunk function. The patch modifies:

Stream type from BufferFileInputStream to BufferInputStream
Adds explicit stream closure
Improves error messaging

These changes indicate the original implementation allowed:

Potential stream reuse/leakage via unclosed BufferFileInputStream
Incomplete error context for stream identification

As downloadChunk is part of topology file distribution logic, improper stream management could let attackers interfere with worker process initialization. The function's role in processing topology artifacts makes it the entry point for user-controlled data that could be manipulated to trigger the user context switch.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

It w*s *oun* t**t un**r som* situ*tions *n* *on*i*ur*tions o* *p**** Storm *.x ***or* *.*.* *n* *.*.x ***or* *.*.*, it is t**or*ti**lly possi*l* *or t** own*r o* * topolo*y to tri*k t** sup*rvisor to l*un** * work*r *s * *i***r*nt, non-root, us*r. In

Reasoning

T** vuln*r**ility st*ms *rom improp*r str**m **n*lin* in Nim*us' *ownlo****unk *un*tion. T** p*t** mo*i*i*s: *. Str**m typ* *rom *u***r*il*InputStr**m to *u***rInputStr**m *. ***s *xpli*it str**m *losur* *. Improv*s *rror m*ss**in* T**s* ***n**s in*

8.8

Basic Information

Concerned about an active attack path?

CVE-2017-9799: Apache Storm it is possible for the owner of a topology to trick the supervisor to launch a worker as a different, non-root, user

8.8

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI