CVEブラウザに戻る

CVE-2017-15692

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.0660%

EPSS Percentile5.71th

Published2018年2月27日

Last Modified2024年11月21日

Vulnerability Description

In Apache Geode before v1.4.0, the TcpServer within the Geode locator opens a network port that deserializes data. If an unprivileged user gains access to the Geode locator, they may be able to cause remote code execution if certain classes are present on the classpath.

Affected Platforms (CPE)

📦

Apache

Geode

< 1.4.0

References & Advisories

🔗 http://www.securityfocus.com/bid/103205

🔗 https://lists.apache.org/thread.html/d0e00f2e147a9e9b13a6829133092f349b2882bf6860397368a52600%40%3Cannounce.tomcat.apache.org%3E

🔗 http://www.securityfocus.com/bid/103205

🔗 https://lists.apache.org/thread.html/d0e00f2e147a9e9b13a6829133092f349b2882bf6860397368a52600%40%3Cannounce.tomcat.apache.org%3E

関連する脆弱性情報

CVE-2016-98859.8

An issue was discovered in Pivotal GemFire for PCF 1.6.x versions prior to 1.6.5 and 1.7.x versions prior to 1.7.1. The gfsh (Geod...

CVE-2017-156958.8

When an Apache Geode server versions 1.0.0 to 1.4.0 is configured with a security manager, a user with DATA:WRITE privileges is al...

CVE-2017-56497.5

Apache Geode before 1.1.1, when a cluster has enabled security by setting the security-manager property, allows remote authenticat...

CVE-2021-347977.5

Apache Geode versions up to 1.12.4 and 1.13.4 are vulnerable to a log file redaction of sensitive information flaw when using valu...