CVE-2018-8016

The default configuration in Apache Cassandra 3.8 through 3.11.1 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request. This issue is a regression of CVE-2015-0225. The regression was introduced in https://issues.apache.org/jira/browse/CASSANDRA-12109. The fix for the regression is implemented in https://issues.apache.org/jira/browse/CASSANDRA-14173. This fix is contained in the 3.11.2 release of Apache Cassandra.
Configurations

Configuration 1

cpe:2.3:a:apache:cassandra:*:*:*:*:*:*:*:*

Information

Published : 2018-06-28 04:29

Updated : 2019-10-03 12:03


NVD link : CVE-2018-8016

Mitre link : CVE-2018-8016

Products Affected
No products.
CWE