CVE-2018-8016 is a vulnerability in Apache Cassandra
Published on June 28, 2018
The default configuration in Apache Cassandra 3.8 through 3.11.1 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request. This issue is a regression of CVE-2015-0225. The regression was introduced in https://issues.apache.org/jira/browse/CASSANDRA-12109. The fix for the regression is implemented in https://issues.apache.org/jira/browse/CASSANDRA-14173. This fix is contained in the 3.11.2 release of Apache Cassandra.
Products Associated with CVE-2018-8016
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2018-8016 are published in Apache Cassandra:
Affected Versions
Apache Software Foundation Apache Cassandra Version Apache Cassandra 3.8 to 3.11.1 is affected by CVE-2018-8016Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.