CVE-2017-9797

Name of the Vulnerable Software and Affected Versions Apache Geode versions prior to 1.2.1

Description The issue allows an unauthenticated client to enter multi-user authentication mode and send metadata messages when the cluster is operating in secure mode. This could lead to information leakage about application data types. Additionally, an attacker could perform a denial of service attack on the cluster.

Recommendations For versions prior to 1.2.1, update to version 1.2.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the cluster to prevent unauthenticated clients from entering multi-user authentication mode.