[<prev] [next>] [day] [month] [year] [list]
Date: Mon, 31 Aug 2020 17:03:52 -0500
From: Brandon Williams <brandonwilliams@...che.org>
To: cassandra <user@...sandra.apache.org>, dev@...sandra.apache.org
Cc: Jeremiah Jordan <jeremiah@...astax.com>, security@...che.org,
oss-security@...ts.openwall.com, bugtraq@...urityfocus.com
Subject: CVE-2016-3427 Apache Cassandra Unspecified vulnerability related to JMX
Versions Affected:
All versions prior to: 2.1.22, 2.2.18, 3.0.22, 3.11.8 and 4.0-beta2
Description:
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77;
Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to
affect confidentiality, integrity, and availability via vectors
related to JMX. By default Cassandra only binds JMX locally.
Mitigation:
2.1.x users should upgrade to 2.1.22
2.2.x users should upgrade to 2.2.18
3.0.x users should upgrade to 3.0.22
3.11.x users should upgrade to 3.11.8
4.0-beta1 users should upgrade to 4.0-beta2
Alternatively, users can upgrade their JVM to versions after those in
the description.
Powered by blists - more mailing lists
Please check out the
Open Source Software Security Wiki, which is counterpart to this
mailing list.
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
