Date: Mon, 31 Aug 2020 17:03:52 -0500 From: Brandon Williams <brandonwilliams@...che.org> To: cassandra <user@...sandra.apache.org>, dev@...sandra.apache.org Cc: Jeremiah Jordan <jeremiah@...astax.com>, security@...che.org, oss-security@...ts.openwall.com, bugtraq@...urityfocus.com Subject: CVE-2016-3427 Apache Cassandra Unspecified vulnerability related to JMX Versions Affected: All versions prior to: 2.1.22, 2.2.18, 3.0.22, 3.11.8 and 4.0-beta2 Description: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. By default Cassandra only binds JMX locally. Mitigation: 2.1.x users should upgrade to 2.1.22 2.2.x users should upgrade to 2.2.18 3.0.x users should upgrade to 3.0.22 3.11.x users should upgrade to 3.11.8 4.0-beta1 users should upgrade to 4.0-beta2 Alternatively, users can upgrade their JVM to versions after those in the description.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.