{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-04-01T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "The default configuration in Apache Cassandra 1.2.0 through 1.2.19, 2.0.0 through 2.0.13, and 2.1.0 through 2.1.3 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-09T18:57:01.000Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "[user] 20150401 [SECURITY ANNOUNCEMENT] CVE-2015-0225", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.mail-archive.com/user%40cassandra.apache.org/msg41819.html"}, {"name": "RHSA-2015:1947", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1947.html"}, {"name": "73478", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/73478"}, {"name": "20150401 [SECURITY ANNOUNCEMENT] CVE-2015-0225", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/535154/100/0/threaded"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/131249/Apache-Cassandra-Remote-Code-Execution.html"}, {"name": "1034002", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1034002"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-0225", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The default configuration in Apache Cassandra 1.2.0 through 1.2.19, 2.0.0 through 2.0.13, and 2.1.0 through 2.1.3 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[user] 20150401 [SECURITY ANNOUNCEMENT] CVE-2015-0225", "refsource": "MLIST", "url": "http://www.mail-archive.com/user@cassandra.apache.org/msg41819.html"}, {"name": "RHSA-2015:1947", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-1947.html"}, {"name": "73478", "refsource": "BID", "url": "http://www.securityfocus.com/bid/73478"}, {"name": "20150401 [SECURITY ANNOUNCEMENT] CVE-2015-0225", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/535154/100/0/threaded"}, {"name": "http://packetstormsecurity.com/files/131249/Apache-Cassandra-Remote-Code-Execution.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/131249/Apache-Cassandra-Remote-Code-Execution.html"}, {"name": "1034002", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1034002"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T04:03:10.365Z"}, "title": "CVE Program Container", "references": [{"name": "[user] 20150401 [SECURITY ANNOUNCEMENT] CVE-2015-0225", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.mail-archive.com/user%40cassandra.apache.org/msg41819.html"}, {"name": "RHSA-2015:1947", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1947.html"}, {"name": "73478", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/73478"}, {"name": "20150401 [SECURITY ANNOUNCEMENT] CVE-2015-0225", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/535154/100/0/threaded"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/131249/Apache-Cassandra-Remote-Code-Execution.html"}, {"name": "1034002", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1034002"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2015-0225", "datePublished": "2015-04-03T14:00:00.000Z", "dateReserved": "2014-11-18T00:00:00.000Z", "dateUpdated": "2024-08-06T04:03:10.365Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:cassandra:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "7185D5BD-A761-47FF-864C-62AFF17C4C4C", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cassandra:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "3E2826C5-55D8-49DF-8942-73B7AA52F686", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cassandra:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "B2D4F6C4-8607-4D9F-ACA0-E892BEB9E4EC", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cassandra:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "7FEF6FBA-E9D3-4A59-A0EC-AB4A17D71774", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cassandra:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "3CF35EAD-4253-408E-8638-C515D7D3AE9A", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cassandra:1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "5419E2E7-8FA7-4E39-8E61-690EF2C16A77", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cassandra:1.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "7DC42624-F2C2-4536-BFA9-E0CDB72FC3CB", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cassandra:1.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "CB393CE4-7F70-49F9-99A4-AB81A1276A5E", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cassandra:1.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "960EA495-02C4-4A38-852B-195900CA6476", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cassandra:1.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "4CBBF756-B34A-4173-B099-D8AAE105D824", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cassandra:1.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "10D70F77-3328-4C47-AAD2-9B0CCECF4165", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cassandra:1.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "E98FFA5D-191A-442D-9234-7DCA6F7C8CAB", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cassandra:1.2.12:*:*:*:*:*:*:*", "matchCriteriaId": "50B85966-303D-4777-B0BB-2B9E79CF2782", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cassandra:1.2.13:*:*:*:*:*:*:*", "matchCriteriaId": "FB9714C5-3350-48AF-B41A-3053741160E1", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cassandra:1.2.14:*:*:*:*:*:*:*", "matchCriteriaId": "B272E975-E46C-423C-B45A-058C266F37BD", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cassandra:1.2.15:*:*:*:*:*:*:*", "matchCriteriaId": "F5B8A3A3-CA78-42CB-8F2A-F5E489E19702", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cassandra:1.2.16:*:*:*:*:*:*:*", "matchCriteriaId": "E00D6FD4-F798-4571-B3A0-A68DB9D06F63", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cassandra:1.2.17:*:*:*:*:*:*:*", "matchCriteriaId": "9A226328-6E53-4ADD-9CD6-B562BE8CE9E5", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cassandra:1.2.18:*:*:*:*:*:*:*", "matchCriteriaId": "ECD6D2FB-6E23-48A4-827A-7B0BF1E88203", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cassandra:1.2.19:*:*:*:*:*:*:*", "matchCriteriaId": "233A5008-288C-418C-8279-1DF105680CF8", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cassandra:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "C0D4E328-2DF0-4713-831C-08825B02B4E4", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cassandra:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "05258E84-74AA-429E-BFE9-4B760D5F1140", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cassandra:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "9035E5B6-E31F-4A35-A3A7-2515DD954A81", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cassandra:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "DE5C2B18-2BE9-4DC3-AF58-91455ED7C062", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cassandra:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "484E0A74-0DD7-43F2-82E6-1C20D9FC266E", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cassandra:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "BA76DB09-274F-4147-99BA-FDBED1BA14EC", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cassandra:2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "6A901804-DDC9-4F51-AAA2-F780E058F2E5", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cassandra:2.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "82EEFC7E-8349-49A4-B445-D054ECA48BD7", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cassandra:2.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "0314AC6E-A7C1-4887-A9A2-C87B4E164F13", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cassandra:2.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "20A9F0A4-F953-416B-B58A-50A5CB0C6222", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cassandra:2.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "59EB2539-B2C4-4A9A-B7AF-60898616655B", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cassandra:2.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "1967C9CD-1B2C-44E6-A57A-F3EDD196E3E7", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cassandra:2.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "0D4D32C1-EA18-4E81-A8A8-0580A0284000", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cassandra:2.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "4A5DD03D-6865-4000-9BFA-5CC40B34EDFE", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cassandra:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "25C30E12-552B-4E30-B66C-9B17720025B4", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cassandra:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "CC90CB20-81D6-4BE8-B5D8-6084953AE98A", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cassandra:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "0D5F1CFC-1F17-4D37-9DA8-FD0D6F67E5F1", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cassandra:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "0E147A84-CDA1-4B6F-AEA2-20117C0FDBDF", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The default configuration in Apache Cassandra 1.2.0 through 1.2.19, 2.0.0 through 2.0.13, and 2.1.0 through 2.1.3 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request."}, {"lang": "es", "value": "La configuraci\u00f3n por defecto en Apache Cassandra 1.2.0 hasta 1.2.19, 2.0.0 hasta 2.0.13, y 2.1.0 hasta 2.1.3 vincula una interfaz JMX/RMI no autenticada a todas las interfaces de la red, lo que permite a atacantes remotos ejecutar c\u00f3digo Java arbitrario a trav\u00e9s de una solicitud RMI."}], "id": "CVE-2015-0225", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-04-03T14:59:00.070", "references": [{"source": "secalert@redhat.com", "url": "http://packetstormsecurity.com/files/131249/Apache-Cassandra-Remote-Code-Execution.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2015-1947.html"}, {"source": "secalert@redhat.com", "url": "http://www.mail-archive.com/user%40cassandra.apache.org/msg41819.html"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/535154/100/0/threaded"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/73478"}, {"source": "secalert@redhat.com", "url": "http://www.securitytracker.com/id/1034002"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://packetstormsecurity.com/files/131249/Apache-Cassandra-Remote-Code-Execution.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2015-1947.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mail-archive.com/user%40cassandra.apache.org/msg41819.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/535154/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/73478"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1034002"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-77"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2015:1947", "cpe": "cpe:/a:redhat:jboss_operations_network:3.3", "product_name": "Red Hat JBoss Operations Network 3.3", "release_date": "2015-10-28T00:00:00Z"}], "bugzilla": {"description": "Cassandra: remote code execution via unauthenticated JMX/RMI interface", "id": "1208181", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1208181"}, "csaw": false, "cvss": {"cvss_base_score": "7.5", "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "status": "verified"}, "cwe": "CWE-306", "details": ["The default configuration in Apache Cassandra 1.2.0 through 1.2.19, 2.0.0 through 2.0.13, and 2.1.0 through 2.1.3 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request.", "It was found that Apache Cassandra bound an unauthenticated JMX/RMI interface to all network interfaces. A remote attacker able to access the RMI, an API for the transport and remote execution of serialized Java, could use this flaw to execute arbitrary code as the user running Cassandra."], "name": "CVE-2015-0225", "package_state": [{"cpe": "cpe:/a:redhat:jboss_operations_network:2", "fix_state": "Not affected", "package_name": "Cassandra", "product_name": "Red Hat JBoss Operations Network 2"}, {"cpe": "cpe:/a:redhat:jboss_operations_network:3", "fix_state": "Affected", "package_name": "Cassandra", "product_name": "Red Hat JBoss Operations Network 3"}], "public_date": "2015-04-01T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2015-0225\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0225"], "threat_severity": "Important"}

{}