Critical severity9.8NVD Advisory· Published Jan 13, 2017· Updated May 13, 2026
CVE-2015-3188
CVE-2015-3188
Description
The UI daemon in Apache Storm 0.10.0 before 0.10.0-beta1 allows remote attackers to execute arbitrary code via unspecified vectors.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.storm:stormMaven | >= 0.10.0-beta, < 0.10.0-beta1 | 0.10.0-beta1 |
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
9- packetstormsecurity.com/files/132417/Apache-Storm-0.10.0-beta-Code-Execution.htmlnvdThird Party AdvisoryVDB EntryWEB
- www.securitytracker.com/id/1032695nvdThird Party AdvisoryVDB Entry
- github.com/advisories/GHSA-cg5h-q983-4rwwghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2015-3188ghsaADVISORY
- github.com/apache/storm/blob/v0.10.0-beta1/SECURITY.mdghsaWEB
- github.com/apache/storm/blob/v0.10.0-beta1/STORM-UI-REST-API.mdghsaWEB
- web.archive.org/web/20151014213052/http://www.securitytracker.com/id/1032695ghsaWEB
- web.archive.org/web/20171202122914/http://www.securityfocus.com/archive/1/535804/100/0/threadedghsaWEB
- www.securityfocus.com/archive/1/535804/100/0/threadednvd
News mentions
0No linked articles in our index yet.