PT-2015-4531 · Apache · Apache Cassandra

Georgi Geshev

Publicado

2015-04-03

Atualizado

2022-05-14

CVE-2015-0225

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Apache Cassandra versions 1.2.0 through 1.2.19 Apache Cassandra versions 2.0.0 through 2.0.13 Apache Cassandra versions 2.1.0 through 2.1.3

Description The default configuration of Apache Cassandra binds an unauthenticated JMX/RMI interface to all network interfaces. This allows remote attackers to execute arbitrary Java code via an RMI request.

Recommendations For Apache Cassandra versions 1.2.0 through 1.2.19, restrict access to the JMX/RMI interface to minimize the risk of exploitation. For Apache Cassandra versions 2.0.0 through 2.0.13, restrict access to the JMX/RMI interface to minimize the risk of exploitation. For Apache Cassandra versions 2.1.0 through 2.1.3, restrict access to the JMX/RMI interface to minimize the risk of exploitation.

Correção

RCE

Command Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-77

Identificadores relacionados

CVE-2015-0225

GHSA-W7F2-GJXF-2GM9

Produtos afetados

Apache Cassandra

PT-2015-4531 · Apache · Apache Cassandra

CVE-2015-0225

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 9