{
  "threat_severity" : "Important",
  "public_date" : "2015-04-01T00:00:00Z",
  "bugzilla" : {
    "description" : "Cassandra: remote code execution via unauthenticated JMX/RMI interface",
    "id" : "1208181",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1208181"
  },
  "cvss" : {
    "cvss_base_score" : "7.5",
    "cvss_scoring_vector" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
    "status" : "verified"
  },
  "cwe" : "CWE-306",
  "details" : [ "The default configuration in Apache Cassandra 1.2.0 through 1.2.19, 2.0.0 through 2.0.13, and 2.1.0 through 2.1.3 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request.", "It was found that Apache Cassandra bound an unauthenticated JMX/RMI interface to all network interfaces. A remote attacker able to access the RMI, an API for the transport and remote execution of serialized Java, could use this flaw to execute arbitrary code as the user running Cassandra." ],
  "affected_release" : [ {
    "product_name" : "Red Hat JBoss Operations Network 3.3",
    "release_date" : "2015-10-28T00:00:00Z",
    "advisory" : "RHSA-2015:1947",
    "cpe" : "cpe:/a:redhat:jboss_operations_network:3.3"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat JBoss Operations Network 2",
    "fix_state" : "Not affected",
    "package_name" : "Cassandra",
    "cpe" : "cpe:/a:redhat:jboss_operations_network:2"
  }, {
    "product_name" : "Red Hat JBoss Operations Network 3",
    "fix_state" : "Affected",
    "package_name" : "Cassandra",
    "cpe" : "cpe:/a:redhat:jboss_operations_network:3"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2015-0225\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0225" ],
  "name" : "CVE-2015-0225",
  "csaw" : false
}