[SECURITY] CVE-2017-9796 Apache Geode OQL bind parameter vulnerability

CVE-2017-9796 Apache Geode OQL bind parameter vulnerability
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected: Apache Geode 1.0.0 through 1.2.1
Description:
A malicious user with read access to specific regions within a Geode
cluster may execute OQL queries containing a region name as a bind
parameter that allow read access to objects within unauthorized
regions.
Mitigation:
Users of the affected versions should upgrade to Apache Geode 1.3.0 or later.
Credit:
This issue was reported responsibly to the Apache Geode Security Team
by Dan Smith from Pivotal.
References:
[1] https://issues.apache.org/jira/browse/GEODE-3248
[2] https://cwiki.apache.org/confluence/display/GEODE/Release+Notes#ReleaseNotes-SecurityVulnerabilities
---
The Geode PMC

Source: Apache

2018-01-09 23:05:34