[SECURITY] CVE-2017-15695 Apache Geode remote code execution vulnerability

Severity: Important
Vendor: The Apache Software Foundation
Versions Affected: Apache Geode 1.0.0 through 1.4.0

When a Geode server is configured with a security manager, a user with
DATA:WRITE privileges is allowed to deploy code by invoking an
internal Geode function. This allows remote code execution. Code
deployment should be restricted to users with DATA:MANAGE privilege.

Users of the affected versions should upgrade to Apache Geode 1.5.0 or later.

This issue was reported responsibly to the Apache Geode Security Team
by Dan Smith from Pivotal Software.

[1] https://issues.apache.org/jira/browse/GEODE-3974
[2] https://cwiki.apache.org/confluence/display/GEODE/Release+Notes#ReleaseNotes-SecurityVulnerabilities
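
An added audit sketch, not code from the advisory or the Geode project: it checks whether a version falls in the affected range above and lists the accounts that hold DATA:WRITE without cluster-wide DATA:MANAGE, which are the accounts whose effective privilege this flaw widens. The JSON role/user layout, its key names, the sample accounts and the wildcard handling are assumptions made for illustration.

```python
import json

AFFECTED_MIN, AFFECTED_MAX = (1, 0, 0), (1, 4, 0)  # range stated in the advisory

# Constructed sample: layout, key names and accounts are assumptions.
SAMPLE = json.loads("""
{"roles": [
   {"name": "admin", "operationsAllowed": ["CLUSTER:MANAGE", "DATA:MANAGE", "DATA:WRITE"]},
   {"name": "writer", "operationsAllowed": ["DATA:READ,WRITE"]},
   {"name": "regionWriter", "operationsAllowed": ["DATA:WRITE:orders"]},
   {"name": "reader", "operationsAllowed": ["DATA:READ"]}],
 "users": [
   {"name": "ops", "roles": ["admin"]},
   {"name": "app", "roles": ["writer"]},
   {"name": "batch", "roles": ["regionWriter", "reader"]},
   {"name": "report", "roles": ["reader"]}]}
""")

def parse_version(text):
    """'1.0.0-incubating' -> (1, 0, 0); missing components count as 0."""
    parts = tuple(int(p) for p in text.strip().split("-", 1)[0].split("."))
    return parts + (0,) * (3 - len(parts))

def is_affected(version):
    return AFFECTED_MIN <= parse_version(version) <= AFFECTED_MAX

def grants(permission, resource, operation, allow_scoped=True):
    """Match RESOURCE[:OPERATION[:TARGET]]; '*' or an omitted part is a wildcard (assumed)."""
    parts = permission.split(":")
    ops = parts[1].upper().split(",") if len(parts) > 1 else ["*"]
    scoped = len(parts) > 2 and parts[2] != "*"
    if scoped and not allow_scoped:
        return False
    return parts[0].upper() in ("*", resource) and any(o in ("*", operation) for o in ops)

def exposed_principals(config):
    """Users with DATA:WRITE (region-scoped grants included, a conservative
    assumption) but no unscoped DATA:MANAGE."""
    roles = {r["name"]: r.get("operationsAllowed", []) for r in config["roles"]}
    exposed = []
    for user in config["users"]:
        perms = [p for role in user.get("roles", []) for p in roles.get(role, [])]
        can_write = any(grants(p, "DATA", "WRITE") for p in perms)
        can_manage = any(grants(p, "DATA", "MANAGE", allow_scoped=False) for p in perms)
        if can_write and not can_manage:
            exposed.append(user["name"])
    return sorted(exposed)

if __name__ == "__main__":
    print(is_affected("1.4.0"), exposed_principals(SAMPLE))
```

On an affected server, each account the function returns should be reviewed as if it could deploy code until the upgrade to 1.5.0 or later is in place.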

Source: Apache

2018-06-12 23:14:25