Date: Tue, 26 Jun 2018 10:11:50 +1200 From: Nate McCall <zznate@...che.org> To: oss-security@...ts.openwall.com Subject: CVE-2018-8016 on Apache Cassandra CVE-2018-8016 describes an issue with the default configuration of Apache Cassandra releases 3.8 through 3.11.1 which binds an unauthenticated JMX/RMI interface to all network interfaces allowing attackers to execute arbitrary Java code via an RMI request. This issue is a regression of the previously disclosed CVE-2015-0225. The regression was introduced in https://issues.apache.org/jira/browse/CASSANDRA-12109. The fix for the regression is implemented in https://issues.apache.org/jira/browse/CASSANDRA-14173. This fix is contained in the 3.11.2 release of Apache Cassandra. - The Apache Cassandra PMC
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.