CVE-2015-0225: Improper Neutralization of Special Elements used in a Command ('Command Injection')

May 14, 2022 (updated July 6, 2022)

The default configuration in Apache Cassandra 1.2.0 through 1.2.19, 2.0.0 through 2.0.13, and 2.1.0 through 2.1.3 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request.

References

packetstormsecurity.com/files/131249/Apache-Cassandra-Remote-Code-Execution.html
rhn.redhat.com/errata/RHSA-2015-1947.html
www.mail-archive.com/user@cassandra.apache.org/msg41819.html
github.com/advisories/GHSA-w7f2-gjxf-2gm9
nvd.nist.gov/vuln/detail/CVE-2015-0225

Code Behaviors & Features

Detect and mitigate CVE-2015-0225 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →