CVE-2017-15692: Input Validation
First published: Tue Feb 27 2018(Updated: )
In Apache Geode before v1.4.0, the TcpServer within the Geode locator opens a network port that deserializes data. If an unprivileged user gains access to the Geode locator, they may be able to cause remote code execution if certain classes are present on the classpath.
Credit: security@apache.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache Geode | <1.4.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Apache Geode vulnerability?
The vulnerability ID for this Apache Geode vulnerability is CVE-2017-15692.
What is the severity level of CVE-2017-15692?
The severity level of CVE-2017-15692 is critical with a score of 9.8 out of 10.
What is the affected software for CVE-2017-15692?
The affected software for CVE-2017-15692 is Apache Geode versions up to but excluding 1.4.0.
What is the description of CVE-2017-15692?
CVE-2017-15692 is a vulnerability in Apache Geode where the TcpServer within the Geode locator opens a network port that deserializes data, allowing unprivileged users to potentially execute remote code if certain classes are present on the classpath.
Are there any references available for CVE-2017-15692?
Yes, there are references available for CVE-2017-15692. They can be found at http://www.securityfocus.com/bid/103205 and https://lists.apache.org/thread.html/d0e00f2e147a9e9b13a6829133092f349b2882bf6860397368a52600@%3Cannounce.tomcat.apache.org%3E.
- collector/nvd-index
- agent/softwarecombine
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/author
- agent/last-modified-date
- agent/weakness
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/apache
- canonical/apache geode