Description
The default configuration in Apache Cassandra 1.2.0 through 1.2.19, 2.0.0 through 2.0.13, and 2.1.0 through 2.1.3 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request.
It was found that Apache Cassandra bound an unauthenticated JMX/RMI interface to all network interfaces. A remote attacker able to access the RMI, an API for the transport and remote execution of serialized Java, could use this flaw to execute arbitrary code as the user running Cassandra.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat JBoss Operations Network 2 | Cassandra | Not affected | ||
| Red Hat JBoss Operations Network 3 | Cassandra | Affected | ||
| Red Hat JBoss Operations Network 3.3 | | Fixed | RHSA-2015:1947 | 28.10.2015 |
Additional information
Status:
7.5 High
CVSS2
Related vulnerabilities
The default configuration in Apache Cassandra 1.2.0 through 1.2.19, 2.0.0 through 2.0.13, and 2.1.0 through 2.1.3 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request.
The default configuration in Apache Cassandra 1.2.0 through 1.2.19, 2. ...
Improper Neutralization of Special Elements used in a Command in Apache Cassandra
7.5 High
CVSS2