Lucene search
GoogleOSV:GHSA-52GQ-7J6C-XW6XHistoryMay 13, 2022 - 1:53 a.m.
Missing Authentication for Critical Function in Apache Cassandra
2022-05-1301:53:28
Google
osv.dev
16
apache cassandra
authentication
jmx/rmi
remote attack
java code
cve-2015-0225
regression
fix
release 3.11.2
EPSS
0.008
Percentile
81.8%
The default configuration in Apache Cassandra 3.8 through 3.11.1 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request. This issue is a regression of CVE-2015-0225. The regression was introduced in https://issues.apache.org/jira/browse/CASSANDRA-12109. The fix for the regression is implemented in https://issues.apache.org/jira/browse/CASSANDRA-14173. This fix is contained in the 3.11.2 release of Apache Cassandra.
Related
cve
cve
CVE-2018-8016
2018-06-28 16:29:00
CVE-2015-0225
2015-04-03 14:59:00
nvd
nvd
CVE-2018-8016
2018-06-28 16:29:00
CVE-2015-0225
2015-04-03 14:59:00
redhatcve
redhatcve
CVE-2018-8016
2018-06-27 09:49:11
github
github
Missing Authentication for Critical Function in Apache Cassandra
2022-05-13 01:53:28
veracode
veracode
Remote Code Execution (RCE)
2018-06-26 07:42:20
Remote Code Execution (RCE)
2019-12-12 08:16:04
cvelist
cvelist
CVE-2018-8016
2018-06-28 16:00:00
CVE-2015-0225
2015-04-03 14:00:00
prion
prion
Default configuration
2018-06-28 16:29:00
Default configuration
2015-04-03 14:59:00
nessus
nessus
Apache Cassandra 3.8.x < 3.11.1 RCE
2020-12-02 00:00:00
Apache Cassandra 1.2.x <= 1.2.19 / 2.0.x <= 2.0.13 / 2.1.x <= 2.1.3 RCE
2020-12-02 00:00:00
ibm
ibm
openvas
openvas
Apache Cassandra < 3.11.2 RCE Vulnerability
2018-06-29 00:00:00
redhat
redhat
(RHSA-2015:1947) Important: Red Hat JBoss Operations Network 3.3.4 update
2015-10-28 14:33:28
osv
osv
freebsd
freebsd
cassandra -- remote execution of arbitrary code
2015-04-01 00:00:00
securityvulns
securityvulns
[SECURITY ANNOUNCEMENT] CVE-2015-0225
2015-05-12 00:00:00