Date: Tue, 26 Jun 2018 10:11:50 +1200 From: Nate McCall <zznate@...che.org> To: oss-security@...ts.openwall.com Subject: CVE-2018-8016 on Apache Cassandra CVE-2018-8016 describes an issue with the default configuration of Apache Cassandra releases 3.8 through 3.11.1 which binds an unauthenticated JMX/RMI interface to all network interfaces allowing attackers to execute arbitrary Java code via an RMI request. This issue is a regression of the previously disclosed CVE-2015-0225. The regression was introduced in https://issues.apache.org/jira/browse/CASSANDRA-12109. The fix for the regression is implemented in https://issues.apache.org/jira/browse/CASSANDRA-14173. This fix is contained in the 3.11.2 release of Apache Cassandra. - The Apache Cassandra PMC
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ