Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:32104
HistoryMay 12, 2015 - 12:00 a.m.

[SECURITY ANNOUNCEMENT] CVE-2015-0225

2015-05-1200:00:00
vulners.com
21
JSON

CVE-2015-0225: Apache Cassandra remote execution of arbitrary code

Severity: Important

Vendor:
The Apache Software Foundation

Versions Affected:
Cassandra 1.2.0 to 1.2.19
Cassandra 2.0.0 to 2.0.13
Cassandra 2.1.0 to 2.1.3

Description:
Under its default configuration, Cassandra binds an unauthenticated
JMX/RMI interface to all network interfaces. As RMI is an API for the
transport and remote execution of serialized Java, anyone with access
to this interface can execute arbitrary code as the running user.

Mitigation:
1.2.x has reached EOL, so users of <= 1.2.x are recommended to upgrade
to a supported version of Cassandra, or manually configure encryption
and authentication of JMX,
(seehttps://wiki.apache.org/cassandra/JmxSecurity).
2.0.x users should upgrade to 2.0.14
2.1.x users should upgrade to 2.1.4
Alternately, users of any version not wishing to upgrade can
reconfigure JMX/RMI to enable encryption and authentication according
to https://wiki.apache.org/cassandra/JmxSecurityor
http://docs.oracle.com/javase/7/docs/technotes/guides/management/agent.html

Credit:
This issue was discovered by Georgi Geshev of MWR InfoSecurity

Related

veracode 2
nessus 2
redhat 1
github 2
osv 2
cve 2
prion 2
freebsd 1
redhatcve 1
securityvulns 1
veracode
veracode
Remote Code Execution (RCE)
2019-12-12 08:16:04
Remote Code Execution (RCE)
2018-06-26 07:42:20
nessus
nessus
Apache Cassandra 1.2.x <= 1.2.19 / 2.0.x <= 2.0.13 / 2.1.x <= 2.1.3 RCE
2020-12-02 00:00:00
FreeBSD : cassandra -- remote execution of arbitrary code (607f4d44-0158-11e5-8fda-002590263bf5)
2015-05-26 00:00:00
redhat
redhat
(RHSA-2015:1947) Important: Red Hat JBoss Operations Network 3.3.4 update
2015-10-28 14:33:28
github
github
Improper Neutralization of Special Elements used in a Command in Apache Cassandra
2022-05-14 02:49:56
Missing Authentication for Critical Function in Apache Cassandra
2022-05-13 01:53:28
osv
osv
Improper Neutralization of Special Elements used in a Command in Apache Cassandra
2022-05-14 02:49:56
Missing Authentication for Critical Function in Apache Cassandra
2022-05-13 01:53:28
cve
cve
CVE-2015-0225
2015-04-03 14:59:00
CVE-2018-8016
2018-06-28 16:29:00
prion
prion
Default configuration
2015-04-03 14:59:00
Default configuration
2018-06-28 16:29:00
freebsd
freebsd
cassandra -- remote execution of arbitrary code
2015-04-01 00:00:00
redhatcve
redhatcve
CVE-2018-8016
2018-06-27 09:49:11
securityvulns
securityvulns
Web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2015-05-12 00:00:00
JSON
Related for SECURITYVULNS:DOC:32104
veracode2nessus2redhat1github2osv2cve2prion2freebsd1redhatcve1securityvulns1