4 matches found
Default configuration
The default configuration in Apache Cassandra 3.8 through 3.11.1 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request. This issue is a regression of CVE-2015-0225. The regression was introduced in...
CVE-2018-8016
The default configuration in Apache Cassandra 3.8 through 3.11.1 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request. This issue is a regression of CVE-2015-0225. The regression was introduced in...
Remote Code Execution (RCE)
apache-cassandra is vulnerable to remote code execution RCE attacks. The library binds unauthenticated Remote Method Invocation RMI Interfaces to all network interfaces, allowing a malicious user to invoke an RMI request to inject and execute arbitrary Java code. This is a regression of...
CVE-2015-0225
CVE-2015-0225 affects Apache Cassandra 1.2.0–1.2.19, 2.0.0–2.0.13, and 2.1.0–2.1.3, where an unauthenticated JMX/RMI interface bound to all network interfaces allows remote attackers to execute arbitrary Java code via RMI. The connected advisories indicate this is a regression path tracked in lat...