[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] CVE-2016-3427 Apache Cassandra Unspecified vulnerability related to JMX
From: Brandon Williams <brandonwilliams () apache ! org>
Date: 2020-08-31 22:03:52
Message-ID: CAAafH9QFUn9+sqmWs_i6XsBJdw+kPau5WePkUa_5tLfA908k-g () mail ! gmail ! com
[Download RAW message or body]
Versions Affected:
All versions prior to: 2.1.22, 2.2.18, 3.0.22, 3.11.8 and 4.0-beta2
Description:
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77;
Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to
affect confidentiality, integrity, and availability via vectors
related to JMX. By default Cassandra only binds JMX locally.
Mitigation:
2.1.x users should upgrade to 2.1.22
2.2.x users should upgrade to 2.2.18
3.0.x users should upgrade to 3.0.22
3.11.x users should upgrade to 3.11.8
4.0-beta1 users should upgrade to 4.0-beta2
Alternatively, users can upgrade their JVM to versions after those in
the description.
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic