In Apache Geode before v1.4.0, the TcpServer within the Geode locator opens a network port that deserializes data. If an unprivileged user gains access to the Geode locator, they may be able to cause remote code execution if certain classes are present on the classpath.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/103205 | Third Party Advisory VDB Entry |
https://lists.apache.org/thread.html/d0e00f2e147a9e9b13a6829133092f349b2882bf6860397368a52600%40%3Cannounce.tomcat.apache.org%3E |
Configurations
History
No history.
Information
Published : 2018-02-27 15:29
Updated : 2024-02-04 19:46
NVD link : CVE-2017-15692
Mitre link : CVE-2017-15692
CVE.ORG link : CVE-2017-15692
JSON object : View
Products Affected
apache
- geode
CWE
CWE-502
Deserialization of Untrusted Data