Vulnerabilites related to apache - cassandra
cve-2015-0225
Vulnerability from cvelistv5
Published
2015-04-03 14:00
Modified
2024-08-06 04:03
Severity ?
EPSS score ?
Summary
The default configuration in Apache Cassandra 1.2.0 through 1.2.19, 2.0.0 through 2.0.13, and 2.1.0 through 2.1.3 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.mail-archive.com/user%40cassandra.apache.org/msg41819.html | mailing-list, x_refsource_MLIST | |
| http://rhn.redhat.com/errata/RHSA-2015-1947.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.securityfocus.com/bid/73478 | vdb-entry, x_refsource_BID | |
| http://www.securityfocus.com/archive/1/535154/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://packetstormsecurity.com/files/131249/Apache-Cassandra-Remote-Code-Execution.html | x_refsource_MISC | |
| http://www.securitytracker.com/id/1034002 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:03:10.365Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[user] 20150401 [SECURITY ANNOUNCEMENT] CVE-2015-0225",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.mail-archive.com/user%40cassandra.apache.org/msg41819.html"
},
{
"name": "RHSA-2015:1947",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1947.html"
},
{
"name": "73478",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/73478"
},
{
"name": "20150401 [SECURITY ANNOUNCEMENT] CVE-2015-0225",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/535154/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/131249/Apache-Cassandra-Remote-Code-Execution.html"
},
{
"name": "1034002",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034002"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-04-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The default configuration in Apache Cassandra 1.2.0 through 1.2.19, 2.0.0 through 2.0.13, and 2.1.0 through 2.1.3 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[user] 20150401 [SECURITY ANNOUNCEMENT] CVE-2015-0225",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.mail-archive.com/user%40cassandra.apache.org/msg41819.html"
},
{
"name": "RHSA-2015:1947",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1947.html"
},
{
"name": "73478",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/73478"
},
{
"name": "20150401 [SECURITY ANNOUNCEMENT] CVE-2015-0225",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/535154/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/131249/Apache-Cassandra-Remote-Code-Execution.html"
},
{
"name": "1034002",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034002"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-0225",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default configuration in Apache Cassandra 1.2.0 through 1.2.19, 2.0.0 through 2.0.13, and 2.1.0 through 2.1.3 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[user] 20150401 [SECURITY ANNOUNCEMENT] CVE-2015-0225",
"refsource": "MLIST",
"url": "http://www.mail-archive.com/user@cassandra.apache.org/msg41819.html"
},
{
"name": "RHSA-2015:1947",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1947.html"
},
{
"name": "73478",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/73478"
},
{
"name": "20150401 [SECURITY ANNOUNCEMENT] CVE-2015-0225",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/535154/100/0/threaded"
},
{
"name": "http://packetstormsecurity.com/files/131249/Apache-Cassandra-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/131249/Apache-Cassandra-Remote-Code-Execution.html"
},
{
"name": "1034002",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034002"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-0225",
"datePublished": "2015-04-03T14:00:00",
"dateReserved": "2014-11-18T00:00:00",
"dateUpdated": "2024-08-06T04:03:10.365Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-44521
Vulnerability from cvelistv5
Published
2022-02-11 12:20
Modified
2024-08-04 04:25
Severity ?
EPSS score ?
Summary
When running Apache Cassandra with the following configuration: enable_user_defined_functions: true enable_scripted_user_defined_functions: true enable_user_defined_functions_threads: false it is possible for an attacker to execute arbitrary code on the host. The attacker would need to have enough permissions to create user defined functions in the cluster to be able to exploit this. Note that this configuration is documented as unsafe, and will continue to be considered unsafe after this CVE.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.apache.org/thread/y4nb9s4co34j8hdfmrshyl09lokm7356 | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2022/02/11/4 | mailing-list, x_refsource_MLIST | |
| https://jfrog.com/blog/cve-2021-44521-exploiting-apache-cassandra-user-defined-functions-for-remote-code-execution/ | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20220225-0001/ | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Cassandra |
Version: 3.0.0 < unspecified Version: unspecified < 3.0.26 Version: 3.1 < unspecified Version: unspecified < 3.11.12 Version: 4.0.0 < unspecified Version: unspecified < 4.0.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:25:16.640Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread/y4nb9s4co34j8hdfmrshyl09lokm7356"
},
{
"name": "[oss-security] 20220211 CVE-2021-44521: Apache Cassandra: Remote code execution for scripted UDFs",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/02/11/4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jfrog.com/blog/cve-2021-44521-exploiting-apache-cassandra-user-defined-functions-for-remote-code-execution/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220225-0001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Cassandra",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
},
{
"lessThan": "3.0.26",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "3.1",
"versionType": "custom"
},
{
"lessThan": "3.11.12",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "4.0.0",
"versionType": "custom"
},
{
"lessThan": "4.0.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Omer Kaspi of the JFrog Security vulnerability research team."
}
],
"descriptions": [
{
"lang": "en",
"value": "When running Apache Cassandra with the following configuration: enable_user_defined_functions: true enable_scripted_user_defined_functions: true enable_user_defined_functions_threads: false it is possible for an attacker to execute arbitrary code on the host. The attacker would need to have enough permissions to create user defined functions in the cluster to be able to exploit this. Note that this configuration is documented as unsafe, and will continue to be considered unsafe after this CVE."
}
],
"metrics": [
{
"other": {
"content": {
"other": "high"
},
"type": "unknown"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-25T09:06:17",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread/y4nb9s4co34j8hdfmrshyl09lokm7356"
},
{
"name": "[oss-security] 20220211 CVE-2021-44521: Apache Cassandra: Remote code execution for scripted UDFs",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2022/02/11/4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jfrog.com/blog/cve-2021-44521-exploiting-apache-cassandra-user-defined-functions-for-remote-code-execution/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20220225-0001/"
}
],
"source": {
"defect": [
"CASSANDRA-17352"
],
"discovery": "UNKNOWN"
},
"title": "Remote code execution for scripted UDFs",
"workarounds": [
{
"lang": "en",
"value": "Set `enable_user_defined_functions_threads: true` (this is default)\nor\n3.0 users should upgrade to 3.0.26\n3.11 users should upgrade to 3.11.12\n4.0 users should upgrade to 4.0.2"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2021-44521",
"STATE": "PUBLIC",
"TITLE": "Remote code execution for scripted UDFs"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Cassandra",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "3.0.0"
},
{
"version_affected": "\u003c",
"version_value": "3.0.26"
},
{
"version_affected": "\u003e=",
"version_value": "3.1"
},
{
"version_affected": "\u003c",
"version_value": "3.11.12"
},
{
"version_affected": "\u003e=",
"version_value": "4.0.0"
},
{
"version_affected": "\u003c",
"version_value": "4.0.2"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was discovered by Omer Kaspi of the JFrog Security vulnerability research team."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When running Apache Cassandra with the following configuration: enable_user_defined_functions: true enable_scripted_user_defined_functions: true enable_user_defined_functions_threads: false it is possible for an attacker to execute arbitrary code on the host. The attacker would need to have enough permissions to create user defined functions in the cluster to be able to exploit this. Note that this configuration is documented as unsafe, and will continue to be considered unsafe after this CVE."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": [
{
"other": "high"
}
],
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.apache.org/thread/y4nb9s4co34j8hdfmrshyl09lokm7356",
"refsource": "MISC",
"url": "https://lists.apache.org/thread/y4nb9s4co34j8hdfmrshyl09lokm7356"
},
{
"name": "[oss-security] 20220211 CVE-2021-44521: Apache Cassandra: Remote code execution for scripted UDFs",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2022/02/11/4"
},
{
"name": "https://jfrog.com/blog/cve-2021-44521-exploiting-apache-cassandra-user-defined-functions-for-remote-code-execution/",
"refsource": "MISC",
"url": "https://jfrog.com/blog/cve-2021-44521-exploiting-apache-cassandra-user-defined-functions-for-remote-code-execution/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220225-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220225-0001/"
}
]
},
"source": {
"defect": [
"CASSANDRA-17352"
],
"discovery": "UNKNOWN"
},
"work_around": [
{
"lang": "en",
"value": "Set `enable_user_defined_functions_threads: true` (this is default)\nor\n3.0 users should upgrade to 3.0.26\n3.11 users should upgrade to 3.11.12\n4.0 users should upgrade to 4.0.2"
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2021-44521",
"datePublished": "2022-02-11T12:20:12",
"dateReserved": "2021-12-02T00:00:00",
"dateUpdated": "2024-08-04T04:25:16.640Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-4970
Vulnerability from cvelistv5
Published
2017-04-13 14:00
Modified
2024-08-06 00:46
Severity ?
EPSS score ?
Summary
handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of service (infinite loop).
References
| ▼ | URL | Tags |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2017-0179.html | vendor-advisory, x_refsource_REDHAT | |
| http://rhn.redhat.com/errata/RHSA-2017-1097.html | vendor-advisory, x_refsource_REDHAT | |
| http://netty.io/news/2016/06/07/4-1-1-Final.html | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/96540 | vdb-entry, x_refsource_BID | |
| https://github.com/netty/netty/pull/5364 | x_refsource_CONFIRM | |
| https://wiki.opendaylight.org/view/Security_Advisories | x_refsource_CONFIRM | |
| http://netty.io/news/2016/06/07/4-0-37-Final.html | x_refsource_CONFIRM | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1343616 | x_refsource_CONFIRM | |
| https://lists.apache.org/thread.html/afaa5860e3a6d327eb96c3d82cbd2f5996de815a16854ed1ad310144%40%3Ccommits.cassandra.apache.org%3E | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:46:39.889Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2017:0179",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0179.html"
},
{
"name": "RHSA-2017:1097",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-1097.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://netty.io/news/2016/06/07/4-1-1-Final.html"
},
{
"name": "96540",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96540"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/netty/netty/pull/5364"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.opendaylight.org/view/Security_Advisories"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://netty.io/news/2016/06/07/4-0-37-Final.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343616"
},
{
"name": "[cassandra-commits] 20191112 [jira] [Created] (CASSANDRA-15412) Security vulnerability CVE-2016-4970 for Netty",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/afaa5860e3a6d327eb96c3d82cbd2f5996de815a16854ed1ad310144%40%3Ccommits.cassandra.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-06-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of service (infinite loop)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-12T17:06:44",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2017:0179",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0179.html"
},
{
"name": "RHSA-2017:1097",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-1097.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://netty.io/news/2016/06/07/4-1-1-Final.html"
},
{
"name": "96540",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96540"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/netty/netty/pull/5364"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.opendaylight.org/view/Security_Advisories"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://netty.io/news/2016/06/07/4-0-37-Final.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343616"
},
{
"name": "[cassandra-commits] 20191112 [jira] [Created] (CASSANDRA-15412) Security vulnerability CVE-2016-4970 for Netty",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/afaa5860e3a6d327eb96c3d82cbd2f5996de815a16854ed1ad310144%40%3Ccommits.cassandra.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-4970",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of service (infinite loop)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2017:0179",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0179.html"
},
{
"name": "RHSA-2017:1097",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-1097.html"
},
{
"name": "http://netty.io/news/2016/06/07/4-1-1-Final.html",
"refsource": "CONFIRM",
"url": "http://netty.io/news/2016/06/07/4-1-1-Final.html"
},
{
"name": "96540",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96540"
},
{
"name": "https://github.com/netty/netty/pull/5364",
"refsource": "CONFIRM",
"url": "https://github.com/netty/netty/pull/5364"
},
{
"name": "https://wiki.opendaylight.org/view/Security_Advisories",
"refsource": "CONFIRM",
"url": "https://wiki.opendaylight.org/view/Security_Advisories"
},
{
"name": "http://netty.io/news/2016/06/07/4-0-37-Final.html",
"refsource": "CONFIRM",
"url": "http://netty.io/news/2016/06/07/4-0-37-Final.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1343616",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343616"
},
{
"name": "[cassandra-commits] 20191112 [jira] [Created] (CASSANDRA-15412) Security vulnerability CVE-2016-4970 for Netty",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/afaa5860e3a6d327eb96c3d82cbd2f5996de815a16854ed1ad310144@%3Ccommits.cassandra.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-4970",
"datePublished": "2017-04-13T14:00:00",
"dateReserved": "2016-05-24T00:00:00",
"dateUpdated": "2024-08-06T00:46:39.889Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-30601
Vulnerability from cvelistv5
Published
2023-05-30 07:25
Modified
2024-10-09 20:55
Severity ?
EPSS score ?
Summary
Privilege escalation when enabling FQL/Audit logs allows user with JMX access to run arbitrary commands as the user running Apache Cassandra
This issue affects Apache Cassandra: from 4.0.0 through 4.0.9, from 4.1.0 through 4.1.1.
WORKAROUND
The vulnerability requires nodetool/JMX access to be exploitable, disable access for any non-trusted users.
MITIGATION
Upgrade to 4.0.10 or 4.1.2 and leave the new FQL/Auditlog configuration property allow_nodetool_archive_command as false.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.apache.org/thread/f74p9jdhmmp7vtrqd8lgm8bq3dhxl8vn | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Cassandra |
Version: 4.0.0 ≤ 4.0.9 Version: 4.1.0 ≤ 4.1.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:28:52.010Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.apache.org/thread/f74p9jdhmmp7vtrqd8lgm8bq3dhxl8vn"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:apache:cassandra:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cassandra",
"vendor": "apache",
"versions": [
{
"lessThanOrEqual": "4.0.9",
"status": "affected",
"version": "4.0.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.1.1",
"status": "affected",
"version": "4.1.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30601",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T20:47:35.478197Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T20:55:28.951Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache Cassandra",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "4.0.9",
"status": "affected",
"version": "4.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.1.1",
"status": "affected",
"version": "4.1.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Gal Elbaz at Oligo"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Privilege escalation when enabling FQL/Audit logs allows user with JMX access to run arbitrary commands as the user running Apache Cassandra\u003cbr\u003e\u003cp\u003eThis issue affects Apache Cassandra: from 4.0.0 through 4.0.9, from 4.1.0 through 4.1.1.\u003c/p\u003eWORKAROUND\u003cbr\u003eThe vulnerability requires nodetool/JMX access to be exploitable, disable access for any non-trusted users.\u003cbr\u003e\u003cbr\u003eMITIGATION\u003cbr\u003eUpgrade to 4.0.10 or 4.1.2 and leave the new FQL/Auditlog configuration property\u0026nbsp;allow_nodetool_archive_command as false."
}
],
"value": "Privilege escalation when enabling FQL/Audit logs allows user with JMX access to run arbitrary commands as the user running Apache Cassandra\nThis issue affects Apache Cassandra: from 4.0.0 through 4.0.9, from 4.1.0 through 4.1.1.\n\nWORKAROUND\nThe vulnerability requires nodetool/JMX access to be exploitable, disable access for any non-trusted users.\n\nMITIGATION\nUpgrade to 4.0.10 or 4.1.2 and leave the new FQL/Auditlog configuration property\u00a0allow_nodetool_archive_command as false."
}
],
"metrics": [
{
"other": {
"content": {
"text": "important"
},
"type": "Textual description of severity"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-30T07:25:49.920Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/f74p9jdhmmp7vtrqd8lgm8bq3dhxl8vn"
}
],
"source": {
"defect": [
"CASSANDRA-18550"
],
"discovery": "UNKNOWN"
},
"title": "Apache Cassandra: Privilege escalation when enabling FQL/Audit logs",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2023-30601",
"datePublished": "2023-05-30T07:25:49.920Z",
"dateReserved": "2023-04-13T07:56:36.918Z",
"dateUpdated": "2024-10-09T20:55:28.951Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-17516
Vulnerability from cvelistv5
Published
2021-02-03 16:40
Modified
2024-08-04 14:00
Severity ?
EPSS score ?
Summary
Apache Cassandra versions 2.1.0 to 2.1.22, 2.2.0 to 2.2.19, 3.0.0 to 3.0.23, and 3.11.0 to 3.11.9, when using 'dc' or 'rack' internode_encryption setting, allows both encrypted and unencrypted internode connections. A misconfigured node or a malicious user can use the unencrypted connection despite not being in the same rack or dc, and bypass mutual TLS requirement.
References
| ▼ | URL | Tags |
|---|---|---|
| http://mail-archives.apache.org/mod_mbox/cassandra-user/202102.mbox/%3c6E4340A5-D7BE-4D33-9EC5-3B505A626D8D%40apache.org%3e | x_refsource_CONFIRM | |
| https://lists.apache.org/thread.html/rd84bec24907617bdb72f7ec907cd7437a0fd5a8886eb55aa84dd1eb8%40%3Ccommits.cassandra.apache.org%3E | mailing-list, x_refsource_MLIST | |
| https://security.netapp.com/advisory/ntap-20210521-0002/ | x_refsource_CONFIRM | |
| https://lists.apache.org/thread.html/rcb16f36cafa184dd159e94033f87d0fc274c4752d467f3a09f2ceae4%40%3Ccommits.cassandra.apache.org%3E | mailing-list, x_refsource_MLIST | |
| https://lists.apache.org/thread.html/r81243a412a37a22211754936a13856af07cc68a93d728c52807486e9%40%3Ccommits.cassandra.apache.org%3E | mailing-list, x_refsource_MLIST |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Apache Cassandra |
Version: 2.1.0 to 2.1.22 Version: 2.2.0 to 2.2.19 Version: 3.0.0 to 3.0.23 Version: 3.11.0 to 3.11.9 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:00:48.346Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://mail-archives.apache.org/mod_mbox/cassandra-user/202102.mbox/%3c6E4340A5-D7BE-4D33-9EC5-3B505A626D8D%40apache.org%3e"
},
{
"name": "[cassandra-commits] 20210217 [jira] [Created] (CASSANDRA-16455) CVE-2020-17516 mitigation in 2.2.x branch",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd84bec24907617bdb72f7ec907cd7437a0fd5a8886eb55aa84dd1eb8%40%3Ccommits.cassandra.apache.org%3E"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210521-0002/"
},
{
"name": "[cassandra-commits] 20210523 [jira] [Updated] (CASSANDRA-16455) CVE-2020-17516 mitigation in 2.2.x branch",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rcb16f36cafa184dd159e94033f87d0fc274c4752d467f3a09f2ceae4%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20210915 [jira] [Updated] (CASSANDRA-16455) CVE-2020-17516 mitigation in 2.2.x branch",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r81243a412a37a22211754936a13856af07cc68a93d728c52807486e9%40%3Ccommits.cassandra.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Cassandra",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2.1.0 to 2.1.22"
},
{
"status": "affected",
"version": "2.2.0 to 2.2.19"
},
{
"status": "affected",
"version": "3.0.0 to 3.0.23"
},
{
"status": "affected",
"version": "3.11.0 to 3.11.9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Apache Cassandra versions 2.1.0 to 2.1.22, 2.2.0 to 2.2.19, 3.0.0 to 3.0.23, and 3.11.0 to 3.11.9, when using \u0027dc\u0027 or \u0027rack\u0027 internode_encryption setting, allows both encrypted and unencrypted internode connections. A misconfigured node or a malicious user can use the unencrypted connection despite not being in the same rack or dc, and bypass mutual TLS requirement."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "CWE-290: Authentication Bypass by Spoofing",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-15T08:06:07",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://mail-archives.apache.org/mod_mbox/cassandra-user/202102.mbox/%3c6E4340A5-D7BE-4D33-9EC5-3B505A626D8D%40apache.org%3e"
},
{
"name": "[cassandra-commits] 20210217 [jira] [Created] (CASSANDRA-16455) CVE-2020-17516 mitigation in 2.2.x branch",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rd84bec24907617bdb72f7ec907cd7437a0fd5a8886eb55aa84dd1eb8%40%3Ccommits.cassandra.apache.org%3E"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210521-0002/"
},
{
"name": "[cassandra-commits] 20210523 [jira] [Updated] (CASSANDRA-16455) CVE-2020-17516 mitigation in 2.2.x branch",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rcb16f36cafa184dd159e94033f87d0fc274c4752d467f3a09f2ceae4%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20210915 [jira] [Updated] (CASSANDRA-16455) CVE-2020-17516 mitigation in 2.2.x branch",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r81243a412a37a22211754936a13856af07cc68a93d728c52807486e9%40%3Ccommits.cassandra.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2020-17516",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Cassandra",
"version": {
"version_data": [
{
"version_value": "2.1.0 to 2.1.22"
},
{
"version_value": "2.2.0 to 2.2.19"
},
{
"version_value": "3.0.0 to 3.0.23"
},
{
"version_value": "3.11.0 to 3.11.9"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache Cassandra versions 2.1.0 to 2.1.22, 2.2.0 to 2.2.19, 3.0.0 to 3.0.23, and 3.11.0 to 3.11.9, when using \u0027dc\u0027 or \u0027rack\u0027 internode_encryption setting, allows both encrypted and unencrypted internode connections. A misconfigured node or a malicious user can use the unencrypted connection despite not being in the same rack or dc, and bypass mutual TLS requirement."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-290: Authentication Bypass by Spoofing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://mail-archives.apache.org/mod_mbox/cassandra-user/202102.mbox/%3c6E4340A5-D7BE-4D33-9EC5-3B505A626D8D@apache.org%3e",
"refsource": "CONFIRM",
"url": "http://mail-archives.apache.org/mod_mbox/cassandra-user/202102.mbox/%3c6E4340A5-D7BE-4D33-9EC5-3B505A626D8D@apache.org%3e"
},
{
"name": "[cassandra-commits] 20210217 [jira] [Created] (CASSANDRA-16455) CVE-2020-17516 mitigation in 2.2.x branch",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd84bec24907617bdb72f7ec907cd7437a0fd5a8886eb55aa84dd1eb8@%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210521-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210521-0002/"
},
{
"name": "[cassandra-commits] 20210523 [jira] [Updated] (CASSANDRA-16455) CVE-2020-17516 mitigation in 2.2.x branch",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rcb16f36cafa184dd159e94033f87d0fc274c4752d467f3a09f2ceae4@%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20210915 [jira] [Updated] (CASSANDRA-16455) CVE-2020-17516 mitigation in 2.2.x branch",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r81243a412a37a22211754936a13856af07cc68a93d728c52807486e9@%3Ccommits.cassandra.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2020-17516",
"datePublished": "2021-02-03T16:40:04",
"dateReserved": "2020-08-12T00:00:00",
"dateUpdated": "2024-08-04T14:00:48.346Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-13946
Vulnerability from cvelistv5
Published
2020-09-01 20:49
Modified
2024-08-04 12:32
Severity ?
EPSS score ?
Summary
In Apache Cassandra, all versions prior to 2.1.22, 2.2.18, 3.0.22, 3.11.8 and 4.0-beta2, it is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and perform unauthorised operations. Users should also be aware of CVE-2019-2684, a JRE vulnerability that enables this issue to be exploited remotely.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Apache Cassandra |
Version: All versions prior to 2.1.22, 2.2.18, 3.0.22, 3.11.8 and 4.0-beta2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:32:14.251Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rcd7544b24d8fc32b7950ec4c117052410b661babaa857fb1fc641152%40%3Cuser.cassandra.apache.org%3E"
},
{
"name": "[cassandra-user] 20200901 Re: CVE-2020-13946 Apache Cassandra RMI Rebind Vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r718e01f61b35409a4f7a3ccbc1cb5136a1558a9f9c2cb8d4ca9be1ce%40%3Cuser.cassandra.apache.org%3E"
},
{
"name": "[cassandra-user] 20200902 Re: CVE-2020-13946 Apache Cassandra RMI Rebind Vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r1fd117082b992e7d43c1286e966c285f98aa362e685695d999ff42f7%40%3Cuser.cassandra.apache.org%3E"
},
{
"name": "[cassandra-user] 20200911 Re: CVE-2020-13946 Apache Cassandra RMI Rebind Vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rab8d90d28f944d84e4d7852f355a25c89451ae02c2decc4d355a9cfc%40%3Cuser.cassandra.apache.org%3E"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210521-0005/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Cassandra",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions prior to 2.1.22, 2.2.18, 3.0.22, 3.11.8 and 4.0-beta2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Apache Cassandra, all versions prior to 2.1.22, 2.2.18, 3.0.22, 3.11.8 and 4.0-beta2, it is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and perform unauthorised operations. Users should also be aware of CVE-2019-2684, a JRE vulnerability that enables this issue to be exploited remotely."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insufficiently Protected Credentials",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-21T08:06:25",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/rcd7544b24d8fc32b7950ec4c117052410b661babaa857fb1fc641152%40%3Cuser.cassandra.apache.org%3E"
},
{
"name": "[cassandra-user] 20200901 Re: CVE-2020-13946 Apache Cassandra RMI Rebind Vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r718e01f61b35409a4f7a3ccbc1cb5136a1558a9f9c2cb8d4ca9be1ce%40%3Cuser.cassandra.apache.org%3E"
},
{
"name": "[cassandra-user] 20200902 Re: CVE-2020-13946 Apache Cassandra RMI Rebind Vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r1fd117082b992e7d43c1286e966c285f98aa362e685695d999ff42f7%40%3Cuser.cassandra.apache.org%3E"
},
{
"name": "[cassandra-user] 20200911 Re: CVE-2020-13946 Apache Cassandra RMI Rebind Vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rab8d90d28f944d84e4d7852f355a25c89451ae02c2decc4d355a9cfc%40%3Cuser.cassandra.apache.org%3E"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210521-0005/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2020-13946",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Cassandra",
"version": {
"version_data": [
{
"version_value": "All versions prior to 2.1.22, 2.2.18, 3.0.22, 3.11.8 and 4.0-beta2"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Apache Cassandra, all versions prior to 2.1.22, 2.2.18, 3.0.22, 3.11.8 and 4.0-beta2, it is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and perform unauthorised operations. Users should also be aware of CVE-2019-2684, a JRE vulnerability that enables this issue to be exploited remotely."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insufficiently Protected Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.apache.org/thread.html/rcd7544b24d8fc32b7950ec4c117052410b661babaa857fb1fc641152%40%3Cuser.cassandra.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/rcd7544b24d8fc32b7950ec4c117052410b661babaa857fb1fc641152%40%3Cuser.cassandra.apache.org%3E"
},
{
"name": "[cassandra-user] 20200901 Re: CVE-2020-13946 Apache Cassandra RMI Rebind Vulnerability",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r718e01f61b35409a4f7a3ccbc1cb5136a1558a9f9c2cb8d4ca9be1ce@%3Cuser.cassandra.apache.org%3E"
},
{
"name": "[cassandra-user] 20200902 Re: CVE-2020-13946 Apache Cassandra RMI Rebind Vulnerability",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r1fd117082b992e7d43c1286e966c285f98aa362e685695d999ff42f7@%3Cuser.cassandra.apache.org%3E"
},
{
"name": "[cassandra-user] 20200911 Re: CVE-2020-13946 Apache Cassandra RMI Rebind Vulnerability",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rab8d90d28f944d84e4d7852f355a25c89451ae02c2decc4d355a9cfc@%3Cuser.cassandra.apache.org%3E"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210521-0005/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210521-0005/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2020-13946",
"datePublished": "2020-09-01T20:49:32",
"dateReserved": "2020-06-08T00:00:00",
"dateUpdated": "2024-08-04T12:32:14.251Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-3427
Vulnerability from cvelistv5
Published
2016-04-21 10:00
Modified
2024-10-08 15:07
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:56:14.120Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openSUSE-SU-2016:1222",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00006.html"
},
{
"name": "RHSA-2016:0677",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0677.html"
},
{
"name": "SUSE-SU-2016:1299",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html"
},
{
"name": "RHSA-2016:1039",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1039.html"
},
{
"name": "RHSA-2016:0701",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0701.html"
},
{
"name": "USN-2972-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2972-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "SUSE-SU-2016:1303",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html"
},
{
"name": "1037331",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037331"
},
{
"name": "SUSE-SU-2016:1475",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.html"
},
{
"name": "openSUSE-SU-2016:1235",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00012.html"
},
{
"name": "openSUSE-SU-2016:1262",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00026.html"
},
{
"name": "SUSE-SU-2016:1300",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html"
},
{
"name": "RHSA-2016:0676",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0676.html"
},
{
"name": "RHSA-2016:1430",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1430"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20160420-0001/"
},
{
"name": "RHSA-2016:0708",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0708.html"
},
{
"name": "RHSA-2016:0723",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0723.html"
},
{
"name": "RHSA-2016:0651",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0651.html"
},
{
"name": "SUSE-SU-2016:1378",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html"
},
{
"name": "SUSE-SU-2016:1248",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00021.html"
},
{
"name": "SUSE-SU-2016:1379",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10159"
},
{
"name": "USN-2964-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2964-1"
},
{
"name": "openSUSE-SU-2016:1230",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00009.html"
},
{
"name": "SUSE-SU-2016:1458",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.html"
},
{
"name": "GLSA-201606-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201606-18"
},
{
"name": "RHSA-2016:0716",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0716.html"
},
{
"name": "1035596",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035596"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"name": "openSUSE-SU-2016:1265",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00027.html"
},
{
"name": "USN-2963-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2963-1"
},
{
"name": "RHSA-2016:0675",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0675.html"
},
{
"name": "SUSE-SU-2016:1250",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00022.html"
},
{
"name": "SUSE-SU-2016:1388",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html"
},
{
"name": "RHSA-2016:0702",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0702.html"
},
{
"name": "RHSA-2016:0679",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0679.html"
},
{
"name": "RHSA-2017:1216",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1216"
},
{
"name": "DSA-3558",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3558"
},
{
"name": "RHSA-2016:0678",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0678.html"
},
{
"name": "86421",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/86421"
},
{
"name": "RHSA-2016:0650",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0650.html"
},
{
"name": "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[cassandra-user] 20200831 CVE-2016-3427 Apache Cassandra Unspecified vulnerability related to JMX",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rc3abf40b06c511d5693baf707d6444bf7745e6a1e343e6f530a12258%40%3Cuser.cassandra.apache.org%3E"
},
{
"name": "[cassandra-dev] 20200831 CVE-2016-3427 Apache Cassandra Unspecified vulnerability related to JMX",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r5f48b16573a11fdf0b557cc3d1d71423ecde8ee771c29f32334fa948%40%3Cdev.cassandra.apache.org%3E"
},
{
"name": "[oss-security] 20200831 CVE-2016-3427 Apache Cassandra Unspecified vulnerability related to JMX",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/08/31/1"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2016-3427",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T15:06:35.308318Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2023-05-12",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2016-3427"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T15:07:05.221Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-04-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-01T02:06:09",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "openSUSE-SU-2016:1222",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00006.html"
},
{
"name": "RHSA-2016:0677",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0677.html"
},
{
"name": "SUSE-SU-2016:1299",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html"
},
{
"name": "RHSA-2016:1039",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1039.html"
},
{
"name": "RHSA-2016:0701",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0701.html"
},
{
"name": "USN-2972-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2972-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "SUSE-SU-2016:1303",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html"
},
{
"name": "1037331",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037331"
},
{
"name": "SUSE-SU-2016:1475",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.html"
},
{
"name": "openSUSE-SU-2016:1235",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00012.html"
},
{
"name": "openSUSE-SU-2016:1262",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00026.html"
},
{
"name": "SUSE-SU-2016:1300",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html"
},
{
"name": "RHSA-2016:0676",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0676.html"
},
{
"name": "RHSA-2016:1430",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1430"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20160420-0001/"
},
{
"name": "RHSA-2016:0708",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0708.html"
},
{
"name": "RHSA-2016:0723",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0723.html"
},
{
"name": "RHSA-2016:0651",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0651.html"
},
{
"name": "SUSE-SU-2016:1378",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html"
},
{
"name": "SUSE-SU-2016:1248",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00021.html"
},
{
"name": "SUSE-SU-2016:1379",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10159"
},
{
"name": "USN-2964-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2964-1"
},
{
"name": "openSUSE-SU-2016:1230",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00009.html"
},
{
"name": "SUSE-SU-2016:1458",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.html"
},
{
"name": "GLSA-201606-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201606-18"
},
{
"name": "RHSA-2016:0716",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0716.html"
},
{
"name": "1035596",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035596"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"name": "openSUSE-SU-2016:1265",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00027.html"
},
{
"name": "USN-2963-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2963-1"
},
{
"name": "RHSA-2016:0675",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0675.html"
},
{
"name": "SUSE-SU-2016:1250",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00022.html"
},
{
"name": "SUSE-SU-2016:1388",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html"
},
{
"name": "RHSA-2016:0702",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0702.html"
},
{
"name": "RHSA-2016:0679",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0679.html"
},
{
"name": "RHSA-2017:1216",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1216"
},
{
"name": "DSA-3558",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3558"
},
{
"name": "RHSA-2016:0678",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0678.html"
},
{
"name": "86421",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/86421"
},
{
"name": "RHSA-2016:0650",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0650.html"
},
{
"name": "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[cassandra-user] 20200831 CVE-2016-3427 Apache Cassandra Unspecified vulnerability related to JMX",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rc3abf40b06c511d5693baf707d6444bf7745e6a1e343e6f530a12258%40%3Cuser.cassandra.apache.org%3E"
},
{
"name": "[cassandra-dev] 20200831 CVE-2016-3427 Apache Cassandra Unspecified vulnerability related to JMX",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r5f48b16573a11fdf0b557cc3d1d71423ecde8ee771c29f32334fa948%40%3Cdev.cassandra.apache.org%3E"
},
{
"name": "[oss-security] 20200831 CVE-2016-3427 Apache Cassandra Unspecified vulnerability related to JMX",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/08/31/1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2016-3427",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2016:1222",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00006.html"
},
{
"name": "RHSA-2016:0677",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0677.html"
},
{
"name": "SUSE-SU-2016:1299",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html"
},
{
"name": "RHSA-2016:1039",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1039.html"
},
{
"name": "RHSA-2016:0701",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0701.html"
},
{
"name": "USN-2972-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2972-1"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "SUSE-SU-2016:1303",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html"
},
{
"name": "1037331",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037331"
},
{
"name": "SUSE-SU-2016:1475",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.html"
},
{
"name": "openSUSE-SU-2016:1235",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00012.html"
},
{
"name": "openSUSE-SU-2016:1262",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00026.html"
},
{
"name": "SUSE-SU-2016:1300",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html"
},
{
"name": "RHSA-2016:0676",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0676.html"
},
{
"name": "RHSA-2016:1430",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1430"
},
{
"name": "https://security.netapp.com/advisory/ntap-20160420-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20160420-0001/"
},
{
"name": "RHSA-2016:0708",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0708.html"
},
{
"name": "RHSA-2016:0723",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0723.html"
},
{
"name": "RHSA-2016:0651",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0651.html"
},
{
"name": "SUSE-SU-2016:1378",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html"
},
{
"name": "SUSE-SU-2016:1248",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00021.html"
},
{
"name": "SUSE-SU-2016:1379",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10159",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10159"
},
{
"name": "USN-2964-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2964-1"
},
{
"name": "openSUSE-SU-2016:1230",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00009.html"
},
{
"name": "SUSE-SU-2016:1458",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.html"
},
{
"name": "GLSA-201606-18",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201606-18"
},
{
"name": "RHSA-2016:0716",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0716.html"
},
{
"name": "1035596",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035596"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"name": "openSUSE-SU-2016:1265",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00027.html"
},
{
"name": "USN-2963-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2963-1"
},
{
"name": "RHSA-2016:0675",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0675.html"
},
{
"name": "SUSE-SU-2016:1250",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00022.html"
},
{
"name": "SUSE-SU-2016:1388",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html"
},
{
"name": "RHSA-2016:0702",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0702.html"
},
{
"name": "RHSA-2016:0679",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0679.html"
},
{
"name": "RHSA-2017:1216",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1216"
},
{
"name": "DSA-3558",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3558"
},
{
"name": "RHSA-2016:0678",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0678.html"
},
{
"name": "86421",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/86421"
},
{
"name": "RHSA-2016:0650",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0650.html"
},
{
"name": "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[cassandra-user] 20200831 CVE-2016-3427 Apache Cassandra Unspecified vulnerability related to JMX",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rc3abf40b06c511d5693baf707d6444bf7745e6a1e343e6f530a12258@%3Cuser.cassandra.apache.org%3E"
},
{
"name": "[cassandra-dev] 20200831 CVE-2016-3427 Apache Cassandra Unspecified vulnerability related to JMX",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r5f48b16573a11fdf0b557cc3d1d71423ecde8ee771c29f32334fa948@%3Cdev.cassandra.apache.org%3E"
},
{
"name": "[oss-security] 20200831 CVE-2016-3427 Apache Cassandra Unspecified vulnerability related to JMX",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/08/31/1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2016-3427",
"datePublished": "2016-04-21T10:00:00",
"dateReserved": "2016-03-17T00:00:00",
"dateUpdated": "2024-10-08T15:07:05.221Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-2684
Vulnerability from cvelistv5
Published
2019-04-23 18:16
Modified
2024-10-02 15:40
Severity ?
EPSS score ?
Summary
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Java |
Version: Java SE: 7u211, 8u202, 11.0.2, 12 Version: Java SE Embedded: 8u201 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:56:45.576Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "openSUSE-SU-2019:1327",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00007.html"
},
{
"name": "RHBA-2019:0959",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHBA-2019:0959"
},
{
"name": "[debian-lts-announce] 20190510 [SECURITY] [DLA 1782-1] openjdk-7 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00011.html"
},
{
"name": "RHSA-2019:1146",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1146"
},
{
"name": "USN-3975-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3975-1/"
},
{
"name": "RHSA-2019:1164",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1164"
},
{
"name": "RHSA-2019:1163",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1163"
},
{
"name": "RHSA-2019:1165",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1165"
},
{
"name": "RHSA-2019:1166",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1166"
},
{
"name": "RHSA-2019:1238",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1238"
},
{
"name": "openSUSE-SU-2019:1439",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html"
},
{
"name": "openSUSE-SU-2019:1438",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00058.html"
},
{
"name": "DSA-4453",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4453"
},
{
"name": "20190530 [SECURITY] [DSA 4453-1] openjdk-8 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/May/75"
},
{
"name": "openSUSE-SU-2019:1500",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00013.html"
},
{
"name": "RHSA-2019:1325",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1325"
},
{
"name": "RHSA-2019:1518",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1518"
},
{
"name": "GLSA-201908-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201908-10"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03959en_us"
},
{
"name": "[tomcat-dev] 20191218 [SECURITY] CVE-2019-12418 Local Privilege Escalation",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/f7f54b4888060d99f59993f006e25005a2b58db0c07ff866bdcd6f17%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[announce] 20191218 [SECURITY] CVE-2019-12418 Local Privilege Escalation",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/c58d6c3b49c615916b163809f963a55421cac2264885739508e68108%40%3Cannounce.apache.org%3E"
},
{
"name": "[tomcat-announce] 20191218 [SECURITY] CVE-2019-12418 Local Privilege Escalation",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/43530b91506e2e0c11cfbe691173f5df8c48f51b98262426d7493b67%40%3Cannounce.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20191218 svn commit: r1871756 - in /tomcat/site/trunk: docs/security-7.html docs/security-8.html docs/security-9.html xdocs/security-7.xml xdocs/security-8.xml xdocs/security-9.xml",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/38a01302c92ae513910d8c851a2d111736565bd698be4e3af3e4c063%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-users] 20191218 [SECURITY] CVE-2019-12418 Local Privilege Escalation",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/71bd3e4e222479c266eaafc8d0c171ef5782a69b52f68df11b650ed7%40%3Cusers.tomcat.apache.org%3E"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K11175903?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"name": "[tomcat-dev] 20200203 svn commit: r1873527 [24/30] - /tomcat/site/trunk/docs/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20200203 svn commit: r1873527 [25/30] - /tomcat/site/trunk/docs/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20200213 svn commit: r1873980 [28/34] - /tomcat/site/trunk/docs/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20200213 svn commit: r1873980 [29/34] - /tomcat/site/trunk/docs/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[cassandra-dev] 20200901 CVE-2020-13946 Apache Cassandra RMI Rebind Vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rcd7544b24d8fc32b7950ec4c117052410b661babaa857fb1fc641152%40%3Cdev.cassandra.apache.org%3E"
},
{
"name": "[cassandra-user] 20200901 CVE-2020-13946 Apache Cassandra RMI Rebind Vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rcd7544b24d8fc32b7950ec4c117052410b661babaa857fb1fc641152%40%3Cuser.cassandra.apache.org%3E"
},
{
"name": "[oss-security] 20200901 CVE-2020-13946 Apache Cassandra RMI Rebind Vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/09/01/4"
},
{
"name": "[cassandra-user] 20200901 Re: CVE-2020-13946 Apache Cassandra RMI Rebind Vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r718e01f61b35409a4f7a3ccbc1cb5136a1558a9f9c2cb8d4ca9be1ce%40%3Cuser.cassandra.apache.org%3E"
},
{
"name": "[cassandra-user] 20200902 Re: CVE-2020-13946 Apache Cassandra RMI Rebind Vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r1fd117082b992e7d43c1286e966c285f98aa362e685695d999ff42f7%40%3Cuser.cassandra.apache.org%3E"
},
{
"name": "[cassandra-user] 20200911 Re: CVE-2020-13946 Apache Cassandra RMI Rebind Vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rab8d90d28f944d84e4d7852f355a25c89451ae02c2decc4d355a9cfc%40%3Cuser.cassandra.apache.org%3E"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-2684",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T13:59:32.671550Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T15:40:28.315Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Java",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "Java SE: 7u211, 8u202, 11.0.2, 12"
},
{
"status": "affected",
"version": "Java SE Embedded: 8u201"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-11T15:06:14",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "openSUSE-SU-2019:1327",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00007.html"
},
{
"name": "RHBA-2019:0959",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHBA-2019:0959"
},
{
"name": "[debian-lts-announce] 20190510 [SECURITY] [DLA 1782-1] openjdk-7 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00011.html"
},
{
"name": "RHSA-2019:1146",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1146"
},
{
"name": "USN-3975-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3975-1/"
},
{
"name": "RHSA-2019:1164",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1164"
},
{
"name": "RHSA-2019:1163",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1163"
},
{
"name": "RHSA-2019:1165",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1165"
},
{
"name": "RHSA-2019:1166",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1166"
},
{
"name": "RHSA-2019:1238",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1238"
},
{
"name": "openSUSE-SU-2019:1439",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html"
},
{
"name": "openSUSE-SU-2019:1438",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00058.html"
},
{
"name": "DSA-4453",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4453"
},
{
"name": "20190530 [SECURITY] [DSA 4453-1] openjdk-8 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/May/75"
},
{
"name": "openSUSE-SU-2019:1500",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00013.html"
},
{
"name": "RHSA-2019:1325",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1325"
},
{
"name": "RHSA-2019:1518",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1518"
},
{
"name": "GLSA-201908-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201908-10"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03959en_us"
},
{
"name": "[tomcat-dev] 20191218 [SECURITY] CVE-2019-12418 Local Privilege Escalation",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/f7f54b4888060d99f59993f006e25005a2b58db0c07ff866bdcd6f17%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[announce] 20191218 [SECURITY] CVE-2019-12418 Local Privilege Escalation",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/c58d6c3b49c615916b163809f963a55421cac2264885739508e68108%40%3Cannounce.apache.org%3E"
},
{
"name": "[tomcat-announce] 20191218 [SECURITY] CVE-2019-12418 Local Privilege Escalation",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/43530b91506e2e0c11cfbe691173f5df8c48f51b98262426d7493b67%40%3Cannounce.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20191218 svn commit: r1871756 - in /tomcat/site/trunk: docs/security-7.html docs/security-8.html docs/security-9.html xdocs/security-7.xml xdocs/security-8.xml xdocs/security-9.xml",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/38a01302c92ae513910d8c851a2d111736565bd698be4e3af3e4c063%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-users] 20191218 [SECURITY] CVE-2019-12418 Local Privilege Escalation",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/71bd3e4e222479c266eaafc8d0c171ef5782a69b52f68df11b650ed7%40%3Cusers.tomcat.apache.org%3E"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K11175903?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"name": "[tomcat-dev] 20200203 svn commit: r1873527 [24/30] - /tomcat/site/trunk/docs/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20200203 svn commit: r1873527 [25/30] - /tomcat/site/trunk/docs/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20200213 svn commit: r1873980 [28/34] - /tomcat/site/trunk/docs/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20200213 svn commit: r1873980 [29/34] - /tomcat/site/trunk/docs/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[cassandra-dev] 20200901 CVE-2020-13946 Apache Cassandra RMI Rebind Vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rcd7544b24d8fc32b7950ec4c117052410b661babaa857fb1fc641152%40%3Cdev.cassandra.apache.org%3E"
},
{
"name": "[cassandra-user] 20200901 CVE-2020-13946 Apache Cassandra RMI Rebind Vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rcd7544b24d8fc32b7950ec4c117052410b661babaa857fb1fc641152%40%3Cuser.cassandra.apache.org%3E"
},
{
"name": "[oss-security] 20200901 CVE-2020-13946 Apache Cassandra RMI Rebind Vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/09/01/4"
},
{
"name": "[cassandra-user] 20200901 Re: CVE-2020-13946 Apache Cassandra RMI Rebind Vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r718e01f61b35409a4f7a3ccbc1cb5136a1558a9f9c2cb8d4ca9be1ce%40%3Cuser.cassandra.apache.org%3E"
},
{
"name": "[cassandra-user] 20200902 Re: CVE-2020-13946 Apache Cassandra RMI Rebind Vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r1fd117082b992e7d43c1286e966c285f98aa362e685695d999ff42f7%40%3Cuser.cassandra.apache.org%3E"
},
{
"name": "[cassandra-user] 20200911 Re: CVE-2020-13946 Apache Cassandra RMI Rebind Vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rab8d90d28f944d84e4d7852f355a25c89451ae02c2decc4d355a9cfc%40%3Cuser.cassandra.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2684",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Java",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Java SE: 7u211, 8u202, 11.0.2, 12"
},
{
"version_affected": "=",
"version_value": "Java SE Embedded: 8u201"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "openSUSE-SU-2019:1327",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00007.html"
},
{
"name": "RHBA-2019:0959",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHBA-2019:0959"
},
{
"name": "[debian-lts-announce] 20190510 [SECURITY] [DLA 1782-1] openjdk-7 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00011.html"
},
{
"name": "RHSA-2019:1146",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1146"
},
{
"name": "USN-3975-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3975-1/"
},
{
"name": "RHSA-2019:1164",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1164"
},
{
"name": "RHSA-2019:1163",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1163"
},
{
"name": "RHSA-2019:1165",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1165"
},
{
"name": "RHSA-2019:1166",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1166"
},
{
"name": "RHSA-2019:1238",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1238"
},
{
"name": "openSUSE-SU-2019:1439",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html"
},
{
"name": "openSUSE-SU-2019:1438",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00058.html"
},
{
"name": "DSA-4453",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4453"
},
{
"name": "20190530 [SECURITY] [DSA 4453-1] openjdk-8 security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/May/75"
},
{
"name": "openSUSE-SU-2019:1500",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00013.html"
},
{
"name": "RHSA-2019:1325",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1325"
},
{
"name": "RHSA-2019:1518",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1518"
},
{
"name": "GLSA-201908-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201908-10"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03959en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03959en_us"
},
{
"name": "[tomcat-dev] 20191218 [SECURITY] CVE-2019-12418 Local Privilege Escalation",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/f7f54b4888060d99f59993f006e25005a2b58db0c07ff866bdcd6f17@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[announce] 20191218 [SECURITY] CVE-2019-12418 Local Privilege Escalation",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/c58d6c3b49c615916b163809f963a55421cac2264885739508e68108@%3Cannounce.apache.org%3E"
},
{
"name": "[tomcat-announce] 20191218 [SECURITY] CVE-2019-12418 Local Privilege Escalation",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/43530b91506e2e0c11cfbe691173f5df8c48f51b98262426d7493b67@%3Cannounce.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20191218 svn commit: r1871756 - in /tomcat/site/trunk: docs/security-7.html docs/security-8.html docs/security-9.html xdocs/security-7.xml xdocs/security-8.xml xdocs/security-9.xml",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/38a01302c92ae513910d8c851a2d111736565bd698be4e3af3e4c063@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-users] 20191218 [SECURITY] CVE-2019-12418 Local Privilege Escalation",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/71bd3e4e222479c266eaafc8d0c171ef5782a69b52f68df11b650ed7@%3Cusers.tomcat.apache.org%3E"
},
{
"name": "https://support.f5.com/csp/article/K11175903?utm_source=f5support\u0026amp;utm_medium=RSS",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K11175903?utm_source=f5support\u0026amp;utm_medium=RSS"
},
{
"name": "[tomcat-dev] 20200203 svn commit: r1873527 [24/30] - /tomcat/site/trunk/docs/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20200203 svn commit: r1873527 [25/30] - /tomcat/site/trunk/docs/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20200213 svn commit: r1873980 [28/34] - /tomcat/site/trunk/docs/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20200213 svn commit: r1873980 [29/34] - /tomcat/site/trunk/docs/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[cassandra-dev] 20200901 CVE-2020-13946 Apache Cassandra RMI Rebind Vulnerability",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rcd7544b24d8fc32b7950ec4c117052410b661babaa857fb1fc641152@%3Cdev.cassandra.apache.org%3E"
},
{
"name": "[cassandra-user] 20200901 CVE-2020-13946 Apache Cassandra RMI Rebind Vulnerability",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rcd7544b24d8fc32b7950ec4c117052410b661babaa857fb1fc641152@%3Cuser.cassandra.apache.org%3E"
},
{
"name": "[oss-security] 20200901 CVE-2020-13946 Apache Cassandra RMI Rebind Vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/09/01/4"
},
{
"name": "[cassandra-user] 20200901 Re: CVE-2020-13946 Apache Cassandra RMI Rebind Vulnerability",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r718e01f61b35409a4f7a3ccbc1cb5136a1558a9f9c2cb8d4ca9be1ce@%3Cuser.cassandra.apache.org%3E"
},
{
"name": "[cassandra-user] 20200902 Re: CVE-2020-13946 Apache Cassandra RMI Rebind Vulnerability",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r1fd117082b992e7d43c1286e966c285f98aa362e685695d999ff42f7@%3Cuser.cassandra.apache.org%3E"
},
{
"name": "[cassandra-user] 20200911 Re: CVE-2020-13946 Apache Cassandra RMI Rebind Vulnerability",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rab8d90d28f944d84e4d7852f355a25c89451ae02c2decc4d355a9cfc@%3Cuser.cassandra.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2019-2684",
"datePublished": "2019-04-23T18:16:44",
"dateReserved": "2018-12-14T00:00:00",
"dateUpdated": "2024-10-02T15:40:28.315Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-8016
Vulnerability from cvelistv5
Published
2018-06-28 16:00
Modified
2024-09-16 18:34
Severity ?
EPSS score ?
Summary
The default configuration in Apache Cassandra 3.8 through 3.11.1 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request. This issue is a regression of CVE-2015-0225. The regression was introduced in https://issues.apache.org/jira/browse/CASSANDRA-12109. The fix for the regression is implemented in https://issues.apache.org/jira/browse/CASSANDRA-14173. This fix is contained in the 3.11.2 release of Apache Cassandra.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Cassandra |
Version: Apache Cassandra 3.8 to 3.11.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:46:11.594Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/bafb9060bbdf958a1c15ba66c68531116fba4a83858a2796254da066%40%3Cuser.cassandra.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Cassandra",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "Apache Cassandra 3.8 to 3.11.1"
}
]
}
],
"datePublic": "2018-06-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The default configuration in Apache Cassandra 3.8 through 3.11.1 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request. This issue is a regression of CVE-2015-0225. The regression was introduced in https://issues.apache.org/jira/browse/CASSANDRA-12109. The fix for the regression is implemented in https://issues.apache.org/jira/browse/CASSANDRA-14173. This fix is contained in the 3.11.2 release of Apache Cassandra."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Configuration",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-28T15:57:01",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/bafb9060bbdf958a1c15ba66c68531116fba4a83858a2796254da066%40%3Cuser.cassandra.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"DATE_PUBLIC": "2018-06-25T00:00:00",
"ID": "CVE-2018-8016",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Cassandra",
"version": {
"version_data": [
{
"version_value": "Apache Cassandra 3.8 to 3.11.1"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default configuration in Apache Cassandra 3.8 through 3.11.1 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request. This issue is a regression of CVE-2015-0225. The regression was introduced in https://issues.apache.org/jira/browse/CASSANDRA-12109. The fix for the regression is implemented in https://issues.apache.org/jira/browse/CASSANDRA-14173. This fix is contained in the 3.11.2 release of Apache Cassandra."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Configuration"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.apache.org/thread.html/bafb9060bbdf958a1c15ba66c68531116fba4a83858a2796254da066@%3Cuser.cassandra.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/bafb9060bbdf958a1c15ba66c68531116fba4a83858a2796254da066@%3Cuser.cassandra.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2018-8016",
"datePublished": "2018-06-28T16:00:00Z",
"dateReserved": "2018-03-09T00:00:00",
"dateUpdated": "2024-09-16T18:34:08.513Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2022-02-11 13:15
Modified
2024-11-21 06:31
Severity ?
Summary
When running Apache Cassandra with the following configuration: enable_user_defined_functions: true enable_scripted_user_defined_functions: true enable_user_defined_functions_threads: false it is possible for an attacker to execute arbitrary code on the host. The attacker would need to have enough permissions to create user defined functions in the cluster to be able to exploit this. Note that this configuration is documented as unsafe, and will continue to be considered unsafe after this CVE.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:cassandra:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8DC06A32-4458-44A4-B6DD-EA9BFD362D09",
"versionEndExcluding": "3.0.26",
"versionStartIncluding": "3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cassandra:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AF6C2BFF-2F8A-40B8-85E5-3C6C658C3A97",
"versionEndExcluding": "3.11.12",
"versionStartIncluding": "3.11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cassandra:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B1FBC157-F7A5-43F5-B416-354C3B28F78A",
"versionEndExcluding": "4.0.2",
"versionStartIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "When running Apache Cassandra with the following configuration: enable_user_defined_functions: true enable_scripted_user_defined_functions: true enable_user_defined_functions_threads: false it is possible for an attacker to execute arbitrary code on the host. The attacker would need to have enough permissions to create user defined functions in the cluster to be able to exploit this. Note that this configuration is documented as unsafe, and will continue to be considered unsafe after this CVE."
},
{
"lang": "es",
"value": "Cuando es ejecutado Apache Cassandra con la siguiente configuraci\u00f3n: enable_user_defined_functions: true enable_scripted_user_defined_functions: true enable_user_defined_functions_threads: false es posible que un atacante ejecute c\u00f3digo arbitrario en el host. El atacante necesitar\u00eda tener suficientes permisos para crear funciones definidas por el usuario en el cluster para poder explotar esto. Tenga en cuenta que esta configuraci\u00f3n est\u00e1 documentada como no segura, y seguir\u00e1 siendo considerada no segura despu\u00e9s de esta CVE"
}
],
"id": "CVE-2021-44521",
"lastModified": "2024-11-21T06:31:09.090",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-02-11T13:15:07.907",
"references": [
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/02/11/4"
},
{
"source": "security@apache.org",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory"
],
"url": "https://jfrog.com/blog/cve-2021-44521-exploiting-apache-cassandra-user-defined-functions-for-remote-code-execution/"
},
{
"source": "security@apache.org",
"tags": [
"Issue Tracking",
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread/y4nb9s4co34j8hdfmrshyl09lokm7356"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220225-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/02/11/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory"
],
"url": "https://jfrog.com/blog/cve-2021-44521-exploiting-apache-cassandra-user-defined-functions-for-remote-code-execution/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread/y4nb9s4co34j8hdfmrshyl09lokm7356"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220225-0001/"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "security@apache.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-04-03 14:59
Modified
2024-11-21 02:22
Severity ?
Summary
The default configuration in Apache Cassandra 1.2.0 through 1.2.19, 2.0.0 through 2.0.13, and 2.1.0 through 2.1.3 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | cassandra | 1.2.0 | |
| apache | cassandra | 1.2.1 | |
| apache | cassandra | 1.2.2 | |
| apache | cassandra | 1.2.3 | |
| apache | cassandra | 1.2.4 | |
| apache | cassandra | 1.2.5 | |
| apache | cassandra | 1.2.6 | |
| apache | cassandra | 1.2.7 | |
| apache | cassandra | 1.2.8 | |
| apache | cassandra | 1.2.9 | |
| apache | cassandra | 1.2.10 | |
| apache | cassandra | 1.2.11 | |
| apache | cassandra | 1.2.12 | |
| apache | cassandra | 1.2.13 | |
| apache | cassandra | 1.2.14 | |
| apache | cassandra | 1.2.15 | |
| apache | cassandra | 1.2.16 | |
| apache | cassandra | 1.2.17 | |
| apache | cassandra | 1.2.18 | |
| apache | cassandra | 1.2.19 | |
| apache | cassandra | 2.0.0 | |
| apache | cassandra | 2.0.1 | |
| apache | cassandra | 2.0.2 | |
| apache | cassandra | 2.0.3 | |
| apache | cassandra | 2.0.4 | |
| apache | cassandra | 2.0.5 | |
| apache | cassandra | 2.0.6 | |
| apache | cassandra | 2.0.7 | |
| apache | cassandra | 2.0.8 | |
| apache | cassandra | 2.0.9 | |
| apache | cassandra | 2.0.10 | |
| apache | cassandra | 2.0.11 | |
| apache | cassandra | 2.0.12 | |
| apache | cassandra | 2.0.13 | |
| apache | cassandra | 2.1.0 | |
| apache | cassandra | 2.1.1 | |
| apache | cassandra | 2.1.2 | |
| apache | cassandra | 2.1.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:cassandra:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7185D5BD-A761-47FF-864C-62AFF17C4C4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cassandra:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3E2826C5-55D8-49DF-8942-73B7AA52F686",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cassandra:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B2D4F6C4-8607-4D9F-ACA0-E892BEB9E4EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cassandra:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7FEF6FBA-E9D3-4A59-A0EC-AB4A17D71774",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cassandra:1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3CF35EAD-4253-408E-8638-C515D7D3AE9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cassandra:1.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5419E2E7-8FA7-4E39-8E61-690EF2C16A77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cassandra:1.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7DC42624-F2C2-4536-BFA9-E0CDB72FC3CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cassandra:1.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "CB393CE4-7F70-49F9-99A4-AB81A1276A5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cassandra:1.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "960EA495-02C4-4A38-852B-195900CA6476",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cassandra:1.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "4CBBF756-B34A-4173-B099-D8AAE105D824",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cassandra:1.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "10D70F77-3328-4C47-AAD2-9B0CCECF4165",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cassandra:1.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "E98FFA5D-191A-442D-9234-7DCA6F7C8CAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cassandra:1.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "50B85966-303D-4777-B0BB-2B9E79CF2782",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cassandra:1.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "FB9714C5-3350-48AF-B41A-3053741160E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cassandra:1.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "B272E975-E46C-423C-B45A-058C266F37BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cassandra:1.2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "F5B8A3A3-CA78-42CB-8F2A-F5E489E19702",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cassandra:1.2.16:*:*:*:*:*:*:*",
"matchCriteriaId": "E00D6FD4-F798-4571-B3A0-A68DB9D06F63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cassandra:1.2.17:*:*:*:*:*:*:*",
"matchCriteriaId": "9A226328-6E53-4ADD-9CD6-B562BE8CE9E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cassandra:1.2.18:*:*:*:*:*:*:*",
"matchCriteriaId": "ECD6D2FB-6E23-48A4-827A-7B0BF1E88203",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cassandra:1.2.19:*:*:*:*:*:*:*",
"matchCriteriaId": "233A5008-288C-418C-8279-1DF105680CF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cassandra:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C0D4E328-2DF0-4713-831C-08825B02B4E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cassandra:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "05258E84-74AA-429E-BFE9-4B760D5F1140",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cassandra:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9035E5B6-E31F-4A35-A3A7-2515DD954A81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cassandra:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DE5C2B18-2BE9-4DC3-AF58-91455ED7C062",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cassandra:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "484E0A74-0DD7-43F2-82E6-1C20D9FC266E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cassandra:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BA76DB09-274F-4147-99BA-FDBED1BA14EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cassandra:2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6A901804-DDC9-4F51-AAA2-F780E058F2E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cassandra:2.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "82EEFC7E-8349-49A4-B445-D054ECA48BD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cassandra:2.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "0314AC6E-A7C1-4887-A9A2-C87B4E164F13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cassandra:2.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "20A9F0A4-F953-416B-B58A-50A5CB0C6222",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cassandra:2.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "59EB2539-B2C4-4A9A-B7AF-60898616655B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cassandra:2.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "1967C9CD-1B2C-44E6-A57A-F3EDD196E3E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cassandra:2.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "0D4D32C1-EA18-4E81-A8A8-0580A0284000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cassandra:2.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "4A5DD03D-6865-4000-9BFA-5CC40B34EDFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cassandra:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "25C30E12-552B-4E30-B66C-9B17720025B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cassandra:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CC90CB20-81D6-4BE8-B5D8-6084953AE98A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cassandra:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0D5F1CFC-1F17-4D37-9DA8-FD0D6F67E5F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cassandra:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0E147A84-CDA1-4B6F-AEA2-20117C0FDBDF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The default configuration in Apache Cassandra 1.2.0 through 1.2.19, 2.0.0 through 2.0.13, and 2.1.0 through 2.1.3 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request."
},
{
"lang": "es",
"value": "La configuraci\u00f3n por defecto en Apache Cassandra 1.2.0 hasta 1.2.19, 2.0.0 hasta 2.0.13, y 2.1.0 hasta 2.1.3 vincula una interfaz JMX/RMI no autenticada a todas las interfaces de la red, lo que permite a atacantes remotos ejecutar c\u00f3digo Java arbitrario a trav\u00e9s de una solicitud RMI."
}
],
"id": "CVE-2015-0225",
"lastModified": "2024-11-21T02:22:35.510",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-04-03T14:59:00.070",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://packetstormsecurity.com/files/131249/Apache-Cassandra-Remote-Code-Execution.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1947.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mail-archive.com/user%40cassandra.apache.org/msg41819.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/archive/1/535154/100/0/threaded"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/73478"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securitytracker.com/id/1034002"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/131249/Apache-Cassandra-Remote-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1947.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mail-archive.com/user%40cassandra.apache.org/msg41819.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/535154/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/73478"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1034002"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-04-13 14:59
Modified
2024-11-21 02:53
Severity ?
Summary
handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of service (infinite loop).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netty | netty | * | |
| netty | netty | * | |
| redhat | jboss_data_grid | 7.1 | |
| redhat | jboss_middleware_text-only_advisories | 1.0 | |
| apache | cassandra | 3.11.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF9FF975-8887-4259-84A0-D8BB64A23DD8",
"versionEndExcluding": "4.0.37",
"versionStartIncluding": "4.0.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A49BEC2D-E528-4C25-A5FD-C7DFEB44F450",
"versionEndExcluding": "4.1.1",
"versionStartIncluding": "4.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:jboss_data_grid:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E8912FC8-FAC1-4503-85F7-3231675450FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_middleware_text-only_advisories:1.0:*:*:*:*:middleware:*:*",
"matchCriteriaId": "A0FED4EE-0AE2-4BD8-8DAC-143382E4DB7C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:cassandra:3.11.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0ABBC2C1-A6CD-459F-97F0-8D7C2D0CDEBF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of service (infinite loop)."
},
{
"lang": "es",
"value": "handler/ssl/OpenSslEngine.java en Netty 4.0.x en versiones anteriores a 4.0.37.Final y 4.1.x en versiones anteriores a 4.1.1.Final permite a los atacantes remotos provocar una denegaci\u00f3n de servicio (bucle infinito)."
}
],
"evaluatorComment": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"id": "CVE-2016-4970",
"lastModified": "2024-11-21T02:53:19.970",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-13T14:59:01.823",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "http://netty.io/news/2016/06/07/4-0-37-Final.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "http://netty.io/news/2016/06/07/4-1-1-Final.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0179.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-1097.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/96540"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343616"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/netty/netty/pull/5364"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/afaa5860e3a6d327eb96c3d82cbd2f5996de815a16854ed1ad310144%40%3Ccommits.cassandra.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://wiki.opendaylight.org/view/Security_Advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "http://netty.io/news/2016/06/07/4-0-37-Final.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "http://netty.io/news/2016/06/07/4-1-1-Final.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0179.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-1097.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/96540"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343616"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/netty/netty/pull/5364"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/afaa5860e3a6d327eb96c3d82cbd2f5996de815a16854ed1ad310144%40%3Ccommits.cassandra.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://wiki.opendaylight.org/view/Security_Advisories"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-835"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-09-01 21:15
Modified
2024-11-21 05:02
Severity ?
Summary
In Apache Cassandra, all versions prior to 2.1.22, 2.2.18, 3.0.22, 3.11.8 and 4.0-beta2, it is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and perform unauthorised operations. Users should also be aware of CVE-2019-2684, a JRE vulnerability that enables this issue to be exploited remotely.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:cassandra:*:*:*:*:*:*:*:*",
"matchCriteriaId": "930123F9-7681-4950-A69A-4B1DB6CFC157",
"versionEndExcluding": "2.1.22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cassandra:*:*:*:*:*:*:*:*",
"matchCriteriaId": "53EC5281-8A0B-45A9-8E05-6709516DDFCD",
"versionEndExcluding": "2.2.18",
"versionStartIncluding": "2.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cassandra:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AE85F320-9AD4-48CA-AAD6-D3436E132204",
"versionEndExcluding": "3.0.22",
"versionStartIncluding": "3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cassandra:*:*:*:*:*:*:*:*",
"matchCriteriaId": "291DAFA7-48C8-43D0-A800-FC0337764EB4",
"versionEndExcluding": "3.11.8",
"versionStartIncluding": "3.11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cassandra:4.0.0:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "730AD2BE-5DF1-42C1-934E-B4C4EA4B6BA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cassandra:4.0.0:alpha2:*:*:*:*:*:*",
"matchCriteriaId": "04C093DB-F50C-465D-96DE-02B18EDA4F77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cassandra:4.0.0:alpha3:*:*:*:*:*:*",
"matchCriteriaId": "A983471D-B99E-4072-9471-CC84645DC76C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cassandra:4.0.0:alpha4:*:*:*:*:*:*",
"matchCriteriaId": "C0F8BC82-2AA3-4892-9541-A3D4EC4B5C80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cassandra:4.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "A7B8B2B7-874C-45C7-88B9-CAEF8F12D1EA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Apache Cassandra, all versions prior to 2.1.22, 2.2.18, 3.0.22, 3.11.8 and 4.0-beta2, it is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and perform unauthorised operations. Users should also be aware of CVE-2019-2684, a JRE vulnerability that enables this issue to be exploited remotely."
},
{
"lang": "es",
"value": "En Apache Cassandra, todas las versiones anteriores a 2.1.22, 2.2.18, 3.0.22, 3.11.8 y 4.0-beta2, es posible a un atacante local sin acceso al proceso de Apache Cassandra o archivos de configuraci\u00f3n manipular el registro RMI para llevar a cabo un ataque de tipo man-in-the-middle y capturar los nombres de usuario y las contrase\u00f1as usadas para acceder a la interfaz JMX.\u0026#xa0;El atacante puede usar estas credenciales para acceder a la interfaz JMX y llevar a cabo operaciones no autorizadas.\u0026#xa0;Los usuarios tambi\u00e9n deben conocer de CVE-2019-2684, una vulnerabilidad de JRE que permite explotar este problema remotamente"
}
],
"id": "CVE-2020-13946",
"lastModified": "2024-11-21T05:02:12.400",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-09-01T21:15:11.833",
"references": [
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r1fd117082b992e7d43c1286e966c285f98aa362e685695d999ff42f7%40%3Cuser.cassandra.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r718e01f61b35409a4f7a3ccbc1cb5136a1558a9f9c2cb8d4ca9be1ce%40%3Cuser.cassandra.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/rab8d90d28f944d84e4d7852f355a25c89451ae02c2decc4d355a9cfc%40%3Cuser.cassandra.apache.org%3E"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/rcd7544b24d8fc32b7950ec4c117052410b661babaa857fb1fc641152%40%3Cuser.cassandra.apache.org%3E"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210521-0005/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r1fd117082b992e7d43c1286e966c285f98aa362e685695d999ff42f7%40%3Cuser.cassandra.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r718e01f61b35409a4f7a3ccbc1cb5136a1558a9f9c2cb8d4ca9be1ce%40%3Cuser.cassandra.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rab8d90d28f944d84e4d7852f355a25c89451ae02c2decc4d355a9cfc%40%3Cuser.cassandra.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/rcd7544b24d8fc32b7950ec4c117052410b661babaa857fb1fc641152%40%3Cuser.cassandra.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210521-0005/"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-668"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-04-21 11:00
Modified
2025-01-27 21:29
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.
References
Impacted products
{
"cisaActionDue": "2023-06-02",
"cisaExploitAdd": "2023-05-12",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "Oracle Java SE and JRockit Unspecified Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update113:*:*:*:*:*:*",
"matchCriteriaId": "AE4602E8-1466-4148-BC89-7FAFFA14A886",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update99:*:*:*:*:*:*",
"matchCriteriaId": "C3D13189-1F7B-482F-ABF7-CC8D563716C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update77:*:*:*:*:*:*",
"matchCriteriaId": "C6CAC2AE-7FB0-40F4-9A45-533943A35772",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jre:1.6.0:update113:*:*:*:*:*:*",
"matchCriteriaId": "F0D546F4-B709-4522-B84A-7D6C301814BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update99:*:*:*:*:*:*",
"matchCriteriaId": "0BF73F1C-91F1-41F6-956C-4A64603DCDF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jre:1.8.0:update77:*:*:*:*:*:*",
"matchCriteriaId": "CDF71474-FFBF-44A0-A5EC-CD3E50472D97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jrockit:r28.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "1F7ACC3A-F8F4-4B53-981A-697569B172CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:oracle:linux:5:-:*:*:*:*:*:*",
"matchCriteriaId": "62A2AC02-A933-4E51-810E-5D040B476B7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*",
"matchCriteriaId": "D7B037A8-72A6-4DFF-94B2-D688A5F6F876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:oracle:linux:7:-:*:*:*:*:*:*",
"matchCriteriaId": "44B8FEDF-6CB0-46E9-9AD7-4445B001C158",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*",
"matchCriteriaId": "CB66DB75-2B16-4EBF-9B93-CE49D8086E41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:e-series_santricity_management_plug-ins:-:*:*:*:*:vmware_vcenter:*:*",
"matchCriteriaId": "280520BC-070C-4423-A633-E6FE45E53D57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
"matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_cloud_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "069D0EC4-BE9D-44A9-82B0-36EFA3702EA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "212E1878-1B9A-4CB4-A1CE-EAD60B867161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_report:-:*:*:*:*:*:*:*",
"matchCriteriaId": "50E60FEB-7FC2-491A-B492-5A5DC0A4821A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3BD81527-A341-42C3-9AB9-880D3DB04B08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*",
"matchCriteriaId": "3FA5E22C-489B-4C5F-A5F3-C03F45CA8811",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:clustered_data_ontap:*:*",
"matchCriteriaId": "95B173E0-1475-4F8D-A982-86F36BE3DD4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:storagegrid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73019FE2-F7CE-4B12-9DC1-8333F08A7D9C",
"versionEndIncluding": "9.0.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*",
"matchCriteriaId": "13270F58-E106-48CE-9933-E68AABBBFC21",
"versionStartIncluding": "7.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "B7B42CB6-3C14-4183-AFA8-C3682F8B54AB",
"versionStartIncluding": "7.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:cassandra:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BBCAE701-DCF8-4031-A711-218D5ADFAD24",
"versionEndExcluding": "2.1.22",
"versionStartIncluding": "2.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cassandra:*:*:*:*:*:*:*:*",
"matchCriteriaId": "53EC5281-8A0B-45A9-8E05-6709516DDFCD",
"versionEndExcluding": "2.2.18",
"versionStartIncluding": "2.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cassandra:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AE85F320-9AD4-48CA-AAD6-D3436E132204",
"versionEndExcluding": "3.0.22",
"versionStartIncluding": "3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cassandra:*:*:*:*:*:*:*:*",
"matchCriteriaId": "291DAFA7-48C8-43D0-A800-FC0337764EB4",
"versionEndExcluding": "3.11.8",
"versionStartIncluding": "3.11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cassandra:4.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "A7B8B2B7-874C-45C7-88B9-CAEF8F12D1EA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:satellite:5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "D4840254-CC76-4113-BC61-360BD15582B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:satellite:5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "85EA16E0-9261-45C4-840F-5366E9EAC5E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "133AAFA7-AF42-4D7B-8822-AA2E85611BF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "967EC28A-607F-48F4-AD64-5E3041C768F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AE1D81A1-CD24-4B17-8AFD-DC95E90AD7D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "807C024A-F8E8-4B48-A349-4C68CD252CA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "54D669D4-6D7E-449D-80C1-28FA44F06FFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1C8D871B-AEA1-4407-AEE3-47EC782250FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6C81647C-9A53-481D-A54C-36770A093F90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "44B067C7-735E-43C9-9188-7E1522A02491",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6755B6AD-0422-467B-8115-34A60B1D1A40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D0AC5CD5-6E58-433C-9EB3-6DFE5656463E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:suse:linux_enterprise_module_for_legacy:12:*:*:*:*:*:*:*",
"matchCriteriaId": "C0257D57-ABF4-49FF-AA59-1B82FAA6D147",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:suse:manager:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FD4EEF7C-CC33-4494-8531-7C0CC28A8823",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:suse:manager_proxy:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3CBED083-B935-4C47-BBDA-F39D8EA277ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:suse:openstack_cloud:5:*:*:*:*:*:*:*",
"matchCriteriaId": "BD6136E8-74DE-48AF-A8AB-B0E93D34870C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4863BE36-D16A-4D75-90D9-FD76DB5B48B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
"matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:*",
"matchCriteriaId": "D2DF4815-B8CB-4AD3-B91D-2E09A8E318E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1:*:*:*:*:*:*",
"matchCriteriaId": "3A0BA503-3F96-48DA-AF47-FBA37A9D0C48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:ltss:*:*:*",
"matchCriteriaId": "35BBD83D-BDC7-4678-BE94-639F59281139",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*",
"matchCriteriaId": "CB6476C7-03F2-4939-AB85-69AA524516D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:ltss:*:*:*",
"matchCriteriaId": "B12243B2-D726-404C-ABFF-F1AB51BA1783",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*",
"matchCriteriaId": "55C5561F-BE86-4EEA-99D4-8697F8BD9DFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:*:*:*",
"matchCriteriaId": "15FC9014-BD85-4382-9D04-C0703E901D7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:*:*:*:*",
"matchCriteriaId": "2076747F-A98E-4DD9-9B52-BF1732BCAD3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp4:*:*:*:*:*:*",
"matchCriteriaId": "D41A798E-0D69-43C7-9A63-1E5921138EAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp1:*:*:*:*:*:*",
"matchCriteriaId": "5A633996-2FD7-467C-BAA6-529E16BD06D1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en Oracle Java SE 6u113, 7u99 y 8u77; Java SE Embedded 8u77; y JRockit R28.3.9 permite a atacantes remotos afectar a la confidencialidad, integridad y disponibilidad a trav\u00e9s de vectores relacionados con JMX."
}
],
"id": "CVE-2016-3427",
"lastModified": "2025-01-27T21:29:03.940",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2016-04-21T11:00:21.667",
"references": [
{
"source": "secalert_us@oracle.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00006.html"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00009.html"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00012.html"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00021.html"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00022.html"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00026.html"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00027.html"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.html"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.html"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0650.html"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0651.html"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0675.html"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0676.html"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0677.html"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0678.html"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0679.html"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0701.html"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0702.html"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0708.html"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0716.html"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0723.html"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1039.html"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2016/dsa-3558"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2020/08/31/1"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/86421"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1035596"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1037331"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2963-1"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2964-1"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2972-1"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1430"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1216"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Broken Link"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10159"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Mailing List",
"Patch"
],
"url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Mailing List",
"Patch"
],
"url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Mailing List",
"Patch"
],
"url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Mailing List",
"Patch"
],
"url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Mailing List",
"Patch"
],
"url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Mailing List",
"Patch"
],
"url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Mailing List",
"Patch"
],
"url": "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Mailing List",
"Patch"
],
"url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Mailing List",
"Patch"
],
"url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Mailing List",
"Patch"
],
"url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Mailing List",
"Patch"
],
"url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Mailing List",
"Patch"
],
"url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Mailing List",
"Patch"
],
"url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r5f48b16573a11fdf0b557cc3d1d71423ecde8ee771c29f32334fa948%40%3Cdev.cassandra.apache.org%3E"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Mailing List",
"Patch"
],
"url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/rc3abf40b06c511d5693baf707d6444bf7745e6a1e343e6f530a12258%40%3Cuser.cassandra.apache.org%3E"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201606-18"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20160420-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00012.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00026.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00027.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0650.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0651.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0675.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0676.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0677.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0678.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0679.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0701.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0702.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0708.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0716.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0723.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1039.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2016/dsa-3558"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2020/08/31/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/86421"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1035596"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1037331"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2963-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2964-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2972-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1430"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1216"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10159"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch"
],
"url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch"
],
"url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch"
],
"url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch"
],
"url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch"
],
"url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch"
],
"url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch"
],
"url": "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch"
],
"url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch"
],
"url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch"
],
"url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch"
],
"url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch"
],
"url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch"
],
"url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r5f48b16573a11fdf0b557cc3d1d71423ecde8ee771c29f32334fa948%40%3Cdev.cassandra.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch"
],
"url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/rc3abf40b06c511d5693baf707d6444bf7745e6a1e343e6f530a12258%40%3Cuser.cassandra.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201606-18"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20160420-0001/"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-04-23 19:32
Modified
2024-11-21 04:41
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update211:*:*:*:*:*:*",
"matchCriteriaId": "4799C9AF-4B5E-413D-8E50-0B4C386AB2D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update201:*:*:*:*:*:*",
"matchCriteriaId": "4E22CE3F-0A12-4781-8CF4-3212CF821CC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update202:*:*:*:*:*:*",
"matchCriteriaId": "E48B134C-4673-48A9-A3B2-56FB51635AAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdk:11.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "40C0CB6C-5A35-45E8-A481-F437360F6B7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdk:12:*:*:*:*:*:*:*",
"matchCriteriaId": "E9B6FA8C-949B-409C-BF4A-DB2C00FA7BF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update211:*:*:*:*:*:*",
"matchCriteriaId": "5C613D47-E892-45BB-BF66-EDF620A42789",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jre:1.8.0:update201:*:*:*:*:*:*",
"matchCriteriaId": "29C755B0-7396-49DF-A4D4-3CA09759CEE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jre:1.8.0:update202:*:*:*:*:*:*",
"matchCriteriaId": "990A3CA7-0EF0-4313-B848-925C9B02A0C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jre:11.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A824CA38-74B2-43FC-9C72-6CE37B97D59F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jre:12:*:*:*:*:*:*:*",
"matchCriteriaId": "A62FA072-5649-467F-BFC1-29917673962A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "2F87326E-0B56-4356-A889-73D026DB1D4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "F4F86C3C-B99C-44C6-97D7-163DC3F59687",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "92BC9265-6959-4D37-BE5E-8C45E98992F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "831F0F47-3565-4763-B16F-C87B1FF2035E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0E3F09B5-569F-4C58-9FCA-3C0953D107B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6C3741B8-851F-475D-B428-523F4F722350",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6897676D-53F9-45B3-B27F-7FF9A4C58D33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E28F226A-CBC7-4A32-BE58-398FA5B42481",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "76C24D94-834A-4E9D-8F73-624AFA99AAA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B09ACF2D-D83F-4A86-8185-9569605D8EE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AC10D919-57FD-4725-B8D2-39ECB476902F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1272DF03-7674-4BD4-8E64-94004B195448",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:cassandra:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BBCAE701-DCF8-4031-A711-218D5ADFAD24",
"versionEndExcluding": "2.1.22",
"versionStartIncluding": "2.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cassandra:*:*:*:*:*:*:*:*",
"matchCriteriaId": "53EC5281-8A0B-45A9-8E05-6709516DDFCD",
"versionEndExcluding": "2.2.18",
"versionStartIncluding": "2.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cassandra:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AE85F320-9AD4-48CA-AAD6-D3436E132204",
"versionEndExcluding": "3.0.22",
"versionStartIncluding": "3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cassandra:*:*:*:*:*:*:*:*",
"matchCriteriaId": "291DAFA7-48C8-43D0-A800-FC0337764EB4",
"versionEndExcluding": "3.11.8",
"versionStartIncluding": "3.11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cassandra:4.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "A7B8B2B7-874C-45C7-88B9-CAEF8F12D1EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6EF204D4-F525-4391-8BE2-8E110F2CC98F",
"versionEndIncluding": "7.0.97",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AF454438-4732-4232-9BEE-DFAFA6E355F7",
"versionEndIncluding": "8.5.47",
"versionStartIncluding": "8.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6522EEBA-BF28-42B0-83A8-F72F79978431",
"versionEndIncluding": "9.0.28",
"versionStartIncluding": "9.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone1:*:*:*:*:*:*",
"matchCriteriaId": "9D0689FE-4BC0-4F53-8C79-34B21F9B86C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone10:*:*:*:*:*:*",
"matchCriteriaId": "89B129B2-FB6F-4EF9-BF12-E589A87996CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone11:*:*:*:*:*:*",
"matchCriteriaId": "8B6787B6-54A8-475E-BA1C-AB99334B2535",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone12:*:*:*:*:*:*",
"matchCriteriaId": "EABB6FBC-7486-44D5-A6AD-FFF1D3F677E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone13:*:*:*:*:*:*",
"matchCriteriaId": "E10C03BC-EE6B-45B2-83AE-9E8DFB58D7DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone14:*:*:*:*:*:*",
"matchCriteriaId": "8A6DA0BE-908C-4DA8-A191-A0113235E99A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone15:*:*:*:*:*:*",
"matchCriteriaId": "39029C72-28B4-46A4-BFF5-EC822CFB2A4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone16:*:*:*:*:*:*",
"matchCriteriaId": "1A2E05A3-014F-4C4D-81E5-88E725FBD6AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone17:*:*:*:*:*:*",
"matchCriteriaId": "166C533C-0833-41D5-99B6-17A4FAB3CAF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone18:*:*:*:*:*:*",
"matchCriteriaId": "D3768C60-21FA-4B92-B98C-C3A2602D1BC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone19:*:*:*:*:*:*",
"matchCriteriaId": "DDD510FA-A2E4-4BAF-A0DE-F4E5777E9325",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone2:*:*:*:*:*:*",
"matchCriteriaId": "9F542E12-6BA8-4504-A494-DA83E7E19BD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone20:*:*:*:*:*:*",
"matchCriteriaId": "C2409CC7-6A85-4A66-A457-0D62B9895DC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone21:*:*:*:*:*:*",
"matchCriteriaId": "B392A7E5-4455-4B1C-8FAC-AE6DDC70689E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone22:*:*:*:*:*:*",
"matchCriteriaId": "EF411DDA-2601-449A-9046-D250419A0E1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone23:*:*:*:*:*:*",
"matchCriteriaId": "D7D8F2F4-AFE2-47EA-A3FD-79B54324DE02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone24:*:*:*:*:*:*",
"matchCriteriaId": "1B4FBF97-DE16-4E5E-BE19-471E01818D40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone25:*:*:*:*:*:*",
"matchCriteriaId": "3B266B1E-24B5-47EE-A421-E0E3CC0C7471",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone26:*:*:*:*:*:*",
"matchCriteriaId": "29614C3A-6FB3-41C7-B56E-9CC3F45B04F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone27:*:*:*:*:*:*",
"matchCriteriaId": "C6AB156C-8FF6-4727-AF75-590D0DCB3F9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone3:*:*:*:*:*:*",
"matchCriteriaId": "C0C5F004-F7D8-45DB-B173-351C50B0EC16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone4:*:*:*:*:*:*",
"matchCriteriaId": "D1902D2E-1896-4D3D-9E1C-3A675255072C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone5:*:*:*:*:*:*",
"matchCriteriaId": "49AAF4DF-F61D-47A8-8788-A21E317A145D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone6:*:*:*:*:*:*",
"matchCriteriaId": "454211D0-60A2-4661-AECA-4C0121413FEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone7:*:*:*:*:*:*",
"matchCriteriaId": "0686F977-889F-4960-8E0B-7784B73A7F2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone8:*:*:*:*:*:*",
"matchCriteriaId": "558703AE-DB5E-4DFF-B497-C36694DD7B24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone9:*:*:*:*:*:*",
"matchCriteriaId": "ED6273F2-1165-47A4-8DD7-9E9B2472941B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
"matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
"matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hp:xp7_command_view:*:*:*:*:advanced:*:*:*",
"matchCriteriaId": "7A9621DC-39D9-40B4-B062-3D68947B5354",
"versionEndExcluding": "8.6.5-00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)."
},
{
"lang": "es",
"value": "Vulnerabilidad en los componentes Java SE, Java SE Embedded de Oracle Java SE (subcomponente: RMI). Las versiones compatibles que se ven afectadas son Java SE: 7u211, 8u202, 11.0.2 y 12; Java SE integrado: 8u201. Una vulnerabilidad dif\u00edcil de explotar permite que un atacante no autenticado con acceso a la red por medio de m\u00faltiples protocolos comprometa Java SE, Java SE Embedded. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en la creaci\u00f3n, eliminaci\u00f3n o modificaci\u00f3n no autorizadas de informaci\u00f3n cr\u00edtica o de todos los datos accesibles de Java SE, Java SE Embedded. Nota: esta vulnerabilidad se aplica a las implementaciones de Java, generalmente en clientes que ejecutan aplicaciones Java Web Start en espacio aislado o en applets de Java en espacio aislado (en Java SE 8), que cargan y ejecutan c\u00f3digo no confiable (por ejemplo, c\u00f3digo que proviene de Internet) y se basan en Java Sandbox para seguridad. Esta vulnerabilidad tambi\u00e9n puede explotarse mediante el uso de APIs en el Componente especificado, por ejemplo, por medio de un servicio web que suministra datos a las API. CVSS 3.0 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)."
}
],
"id": "CVE-2019-2684",
"lastModified": "2024-11-21T04:41:21.443",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-04-23T19:32:55.443",
"references": [
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00007.html"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00058.html"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00013.html"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2020/09/01/4"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHBA-2019:0959"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1146"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1163"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1164"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1165"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1166"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1238"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1325"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1518"
},
{
"source": "secalert_us@oracle.com",
"url": "https://lists.apache.org/thread.html/38a01302c92ae513910d8c851a2d111736565bd698be4e3af3e4c063%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "secalert_us@oracle.com",
"url": "https://lists.apache.org/thread.html/43530b91506e2e0c11cfbe691173f5df8c48f51b98262426d7493b67%40%3Cannounce.tomcat.apache.org%3E"
},
{
"source": "secalert_us@oracle.com",
"url": "https://lists.apache.org/thread.html/71bd3e4e222479c266eaafc8d0c171ef5782a69b52f68df11b650ed7%40%3Cusers.tomcat.apache.org%3E"
},
{
"source": "secalert_us@oracle.com",
"url": "https://lists.apache.org/thread.html/c58d6c3b49c615916b163809f963a55421cac2264885739508e68108%40%3Cannounce.apache.org%3E"
},
{
"source": "secalert_us@oracle.com",
"url": "https://lists.apache.org/thread.html/f7f54b4888060d99f59993f006e25005a2b58db0c07ff866bdcd6f17%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "secalert_us@oracle.com",
"url": "https://lists.apache.org/thread.html/r1fd117082b992e7d43c1286e966c285f98aa362e685695d999ff42f7%40%3Cuser.cassandra.apache.org%3E"
},
{
"source": "secalert_us@oracle.com",
"url": "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "secalert_us@oracle.com",
"url": "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "secalert_us@oracle.com",
"url": "https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "secalert_us@oracle.com",
"url": "https://lists.apache.org/thread.html/r718e01f61b35409a4f7a3ccbc1cb5136a1558a9f9c2cb8d4ca9be1ce%40%3Cuser.cassandra.apache.org%3E"
},
{
"source": "secalert_us@oracle.com",
"url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "secalert_us@oracle.com",
"url": "https://lists.apache.org/thread.html/rab8d90d28f944d84e4d7852f355a25c89451ae02c2decc4d355a9cfc%40%3Cuser.cassandra.apache.org%3E"
},
{
"source": "secalert_us@oracle.com",
"url": "https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "secalert_us@oracle.com",
"url": "https://lists.apache.org/thread.html/rcd7544b24d8fc32b7950ec4c117052410b661babaa857fb1fc641152%40%3Cdev.cassandra.apache.org%3E"
},
{
"source": "secalert_us@oracle.com",
"url": "https://lists.apache.org/thread.html/rcd7544b24d8fc32b7950ec4c117052410b661babaa857fb1fc641152%40%3Cuser.cassandra.apache.org%3E"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00011.html"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/May/75"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201908-10"
},
{
"source": "secalert_us@oracle.com",
"url": "https://support.f5.com/csp/article/K11175903?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03959en_us"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3975-1/"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4453"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00007.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00058.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00013.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2020/09/01/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHBA-2019:0959"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1146"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1163"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1164"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1165"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1166"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1238"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1325"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1518"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/38a01302c92ae513910d8c851a2d111736565bd698be4e3af3e4c063%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/43530b91506e2e0c11cfbe691173f5df8c48f51b98262426d7493b67%40%3Cannounce.tomcat.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/71bd3e4e222479c266eaafc8d0c171ef5782a69b52f68df11b650ed7%40%3Cusers.tomcat.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/c58d6c3b49c615916b163809f963a55421cac2264885739508e68108%40%3Cannounce.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/f7f54b4888060d99f59993f006e25005a2b58db0c07ff866bdcd6f17%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r1fd117082b992e7d43c1286e966c285f98aa362e685695d999ff42f7%40%3Cuser.cassandra.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r718e01f61b35409a4f7a3ccbc1cb5136a1558a9f9c2cb8d4ca9be1ce%40%3Cuser.cassandra.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rab8d90d28f944d84e4d7852f355a25c89451ae02c2decc4d355a9cfc%40%3Cuser.cassandra.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rcd7544b24d8fc32b7950ec4c117052410b661babaa857fb1fc641152%40%3Cdev.cassandra.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rcd7544b24d8fc32b7950ec4c117052410b661babaa857fb1fc641152%40%3Cuser.cassandra.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00011.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/May/75"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201908-10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.f5.com/csp/article/K11175903?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03959en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3975-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4453"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-06-28 16:29
Modified
2024-11-21 04:13
Severity ?
Summary
The default configuration in Apache Cassandra 3.8 through 3.11.1 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request. This issue is a regression of CVE-2015-0225. The regression was introduced in https://issues.apache.org/jira/browse/CASSANDRA-12109. The fix for the regression is implemented in https://issues.apache.org/jira/browse/CASSANDRA-14173. This fix is contained in the 3.11.2 release of Apache Cassandra.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:cassandra:*:*:*:*:*:*:*:*",
"matchCriteriaId": "848F577A-CD49-4FA5-A10B-ECEE0A008536",
"versionEndIncluding": "3.11.1",
"versionStartIncluding": "3.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The default configuration in Apache Cassandra 3.8 through 3.11.1 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request. This issue is a regression of CVE-2015-0225. The regression was introduced in https://issues.apache.org/jira/browse/CASSANDRA-12109. The fix for the regression is implemented in https://issues.apache.org/jira/browse/CASSANDRA-14173. This fix is contained in the 3.11.2 release of Apache Cassandra."
},
{
"lang": "es",
"value": "La configuraci\u00f3n por defecto en Apache Cassandra desde la versi\u00f3n 3.8 hasta la 3.11.1 vincula una interfaz JMX/RMI no autenticada a todas las interfaces de red, lo que permite que los atacantes ejecuten c\u00f3digo arbitrario Java mediante una petici\u00f3n RMI. Este candidato es una regresi\u00f3n de CVE-2015-0225. Se introdujo la regresi\u00f3n en ttps://issues.apache.org/jira/browse/CASSANDRA-12109. La soluci\u00f3n para la regresi\u00f3n se implement\u00f3 en https://issues.apache.org/jira/browse/CASSANDRA-14173. Esta soluci\u00f3n est\u00e1 contenida en la distribuci\u00f3n 3.11.2 de Apache Cassandra."
}
],
"id": "CVE-2018-8016",
"lastModified": "2024-11-21T04:13:06.163",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-06-28T16:29:00.217",
"references": [
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/bafb9060bbdf958a1c15ba66c68531116fba4a83858a2796254da066%40%3Cuser.cassandra.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/bafb9060bbdf958a1c15ba66c68531116fba4a83858a2796254da066%40%3Cuser.cassandra.apache.org%3E"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-05-30 08:15
Modified
2024-11-21 08:00
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Privilege escalation when enabling FQL/Audit logs allows user with JMX access to run arbitrary commands as the user running Apache Cassandra
This issue affects Apache Cassandra: from 4.0.0 through 4.0.9, from 4.1.0 through 4.1.1.
WORKAROUND
The vulnerability requires nodetool/JMX access to be exploitable, disable access for any non-trusted users.
MITIGATION
Upgrade to 4.0.10 or 4.1.2 and leave the new FQL/Auditlog configuration property allow_nodetool_archive_command as false.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:cassandra:*:*:*:*:*:*:*:*",
"matchCriteriaId": "124F4310-165F-4510-8A2B-58F16EE9B65D",
"versionEndExcluding": "4.0.10",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cassandra:*:*:*:*:*:*:*:*",
"matchCriteriaId": "31B24681-2B2D-4BAC-9A33-BD771E411E7D",
"versionEndExcluding": "4.1.2",
"versionStartIncluding": "4.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Privilege escalation when enabling FQL/Audit logs allows user with JMX access to run arbitrary commands as the user running Apache Cassandra\nThis issue affects Apache Cassandra: from 4.0.0 through 4.0.9, from 4.1.0 through 4.1.1.\n\nWORKAROUND\nThe vulnerability requires nodetool/JMX access to be exploitable, disable access for any non-trusted users.\n\nMITIGATION\nUpgrade to 4.0.10 or 4.1.2 and leave the new FQL/Auditlog configuration property\u00a0allow_nodetool_archive_command as false."
}
],
"id": "CVE-2023-30601",
"lastModified": "2024-11-21T08:00:28.980",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "security@apache.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-05-30T08:15:10.450",
"references": [
{
"source": "security@apache.org",
"tags": [
"Mailing List"
],
"url": "https://lists.apache.org/thread/f74p9jdhmmp7vtrqd8lgm8bq3dhxl8vn"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.apache.org/thread/f74p9jdhmmp7vtrqd8lgm8bq3dhxl8vn"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "security@apache.org",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-02-03 17:15
Modified
2024-11-21 05:08
Severity ?
Summary
Apache Cassandra versions 2.1.0 to 2.1.22, 2.2.0 to 2.2.19, 3.0.0 to 3.0.23, and 3.11.0 to 3.11.9, when using 'dc' or 'rack' internode_encryption setting, allows both encrypted and unencrypted internode connections. A misconfigured node or a malicious user can use the unencrypted connection despite not being in the same rack or dc, and bypass mutual TLS requirement.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:cassandra:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B61EDD10-0909-46EF-9CF9-4864CDA49303",
"versionEndIncluding": "2.1.22",
"versionStartIncluding": "2.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cassandra:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8F5E166F-E5BE-436B-9A29-03C93F7921FD",
"versionEndIncluding": "2.2.19",
"versionStartIncluding": "2.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cassandra:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B8DDE4AE-9B3A-40FE-ADBA-821B71CB939B",
"versionEndIncluding": "3.0.23",
"versionStartIncluding": "3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cassandra:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A98515B9-8285-4428-BE7B-292829D7D329",
"versionEndIncluding": "3.11.9",
"versionStartIncluding": "3.11.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Apache Cassandra versions 2.1.0 to 2.1.22, 2.2.0 to 2.2.19, 3.0.0 to 3.0.23, and 3.11.0 to 3.11.9, when using \u0027dc\u0027 or \u0027rack\u0027 internode_encryption setting, allows both encrypted and unencrypted internode connections. A misconfigured node or a malicious user can use the unencrypted connection despite not being in the same rack or dc, and bypass mutual TLS requirement."
},
{
"lang": "es",
"value": "Apache Cassandra versiones 2.1.0 hasta 2.1.22, versiones 2.2.0 hasta 2.2.19, versiones 3.0.0 hasta 3.0.23 y versiones 3.11.0 hasta 3.11.9, cuando se usa la configuraci\u00f3n internode_encryption de \"dc\" o \"rack\", permite ambas conexiones de entre nodo cifradas y no cifradas.\u0026#xa0;Un nodo configurado inapropiadamente o un usuario malicioso pueden usar la conexi\u00f3n no cifrada a pesar de no estar en el mismo rack o dc y omitir el requisito mutuo de TLS"
}
],
"id": "CVE-2020-17516",
"lastModified": "2024-11-21T05:08:16.080",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-02-03T17:15:13.123",
"references": [
{
"source": "security@apache.org",
"url": "http://mail-archives.apache.org/mod_mbox/cassandra-user/202102.mbox/%3c6E4340A5-D7BE-4D33-9EC5-3B505A626D8D%40apache.org%3e"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r81243a412a37a22211754936a13856af07cc68a93d728c52807486e9%40%3Ccommits.cassandra.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/rcb16f36cafa184dd159e94033f87d0fc274c4752d467f3a09f2ceae4%40%3Ccommits.cassandra.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/rd84bec24907617bdb72f7ec907cd7437a0fd5a8886eb55aa84dd1eb8%40%3Ccommits.cassandra.apache.org%3E"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210521-0002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://mail-archives.apache.org/mod_mbox/cassandra-user/202102.mbox/%3c6E4340A5-D7BE-4D33-9EC5-3B505A626D8D%40apache.org%3e"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r81243a412a37a22211754936a13856af07cc68a93d728c52807486e9%40%3Ccommits.cassandra.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rcb16f36cafa184dd159e94033f87d0fc274c4752d467f3a09f2ceae4%40%3Ccommits.cassandra.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rd84bec24907617bdb72f7ec907cd7437a0fd5a8886eb55aa84dd1eb8%40%3Ccommits.cassandra.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210521-0002/"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-290"
}
],
"source": "security@apache.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-290"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}