PT-2015-4531 · Apache · Apache Cassandra

Georgi Geshev · Published 2015-04-03 · Updated 2022-05-14 · CVE-2015-0225

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Apache Cassandra versions 1.2.0 through 1.2.19
Apache Cassandra versions 2.0.0 through 2.0.13
Apache Cassandra versions 2.1.0 through 2.1.3

Description

The default configuration of Apache Cassandra binds an unauthenticated JMX/RMI interface to all network interfaces. This allows remote attackers to execute arbitrary Java code via an RMI request.

Recommendations

For Apache Cassandra versions 1.2.0 through 1.2.19, 2.0.0 through 2.0.13, and 2.1.0 through 2.1.3, restrict access to the JMX/RMI interface to minimize the risk of exploitation.

Fix

RCE

Command Injection

Weakness Enumeration

Related Identifiers

CVE-2015-0225
GHSA-W7F2-GJXF-2GM9

Affected Products

Apache Cassandra