6 matches found
CVE-2015-0225
| creationtimestamp | type | source |
|---|---|---|
| 2024-01-07 00:54:04+00:00 | seen | https://t.me/arpsyndicate/2595... |
com.savoirtech:cassandra-all (=1.5.4) potentially affected by CVE-2015-0225 via org.apache.cassandra:apache-cassandra (=1.2.6)
org.apache.cassandra:apache-cassandra MAVEN version =1.2.6 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.cassandra:apache-cassandra and may be impacted:
- com.savoirtech:cassandra-all =1.5.4

Source CVEs: CVE-2015-0225
Source advisory:...
Default configuration
The default configuration in Apache Cassandra 3.8 through 3.11.1 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request. This issue is a regression of CVE-2015-0225. The regression was introduced in...
CVE-2018-8016
The default configuration in Apache Cassandra 3.8 through 3.11.1 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request. This issue is a regression of CVE-2015-0225. The regression was introduced in...
Remote Code Execution (RCE)
apache-cassandra is vulnerable to remote code execution (RCE) attacks. The library binds unauthenticated Remote Method Invocation (RMI) interfaces to all network interfaces, allowing a malicious user to invoke an RMI request to inject and execute arbitrary Java code. This is a regression of...
CVE-2015-0225
CVE-2015-0225 affects Apache Cassandra 1.2.0–1.2.19, 2.0.0–2.0.13, and 2.1.0–2.1.3, where an unauthenticated JMX/RMI interface bound to all network interfaces allows remote attackers to execute arbitrary Java code via RMI. The connected advisories indicate this is a regression path tracked in lat...