CVE-2017-15696: Infoleak
First published: Mon Feb 26 2018(Updated: )
When an Apache Geode cluster before v1.4.0 is operating in secure mode, the Geode configuration service does not properly authorize configuration requests. This allows an unprivileged user who gains access to the Geode locator to extract configuration data and previously deployed application code.
Credit: security@apache.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache Geode | >=1.0.0<=1.3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this Apache Geode vulnerability?
The vulnerability ID is CVE-2017-15696.
What is the severity of CVE-2017-15696?
The severity of CVE-2017-15696 is high with a severity value of 7.5.
How does CVE-2017-15696 affect Apache Geode?
CVE-2017-15696 affects Apache Geode versions before v1.4.0 operating in secure mode.
What is the impact of CVE-2017-15696?
CVE-2017-15696 allows an unprivileged user who gains access to the Geode locator to extract configuration data and previously deployed application code.
Is there a fix for CVE-2017-15696?
Yes, upgrading to Apache Geode v1.4.0 or later fixes CVE-2017-15696.
- collector/nvd-index
- agent/references
- agent/severity
- agent/author
- agent/type
- agent/weakness
- agent/description
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/apache
- canonical/apache geode
- version/apache geode/1.0.0
- version/apache geode/1.3.0