CVE-2018-8016 describes an issue with the default configuration of
Apache Cassandra releases 3.8 through 3.11.1 which binds an
unauthenticated JMX/RMI interface to all network interfaces allowing
attackers to execute arbitrary Java code via an RMI request. This
issue is a regression of the previously disclosed CVE-2015-0225.

The regression was introduced in The fix for the
regression is implemented in This fix is
contained in the 3.11.2 release of Apache Cassandra.

- The Apache Cassandra PMC

To unsubscribe, e-mail:
For additional commands, e-mail:

Reply via email to