[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

241641

 
 

909

 
 

192372

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

Authentication spoofing bypass vulnerability in Apache Cassandra - CVE-2020-17516 (rpm)

ID: oval:org.secpod.oval:def:82569Date: (C)2022-08-04   (M)2023-12-01
Class: VULNERABILITYFamily: unix




The host is installed with Apache Cassandra 2.1.x through 2.1.22, 2.2.x through 2.2.19, 3.0.x through 3.0.23 or 3.11.x through 3.11.9 and is prone to an authentication spoofing bypass vulnerability. A flaw is present in the application, which fails to properly handle an issue the 'dc' or 'rack' internode_encryption setting. Successful exploitation allows attacker to use the unencrypted connection despite not being in the same rack or dc, and bypass mutual TLS requirement.

Platform:
Linux
Product:
Apache Cassandra
Reference:
CVE-2020-17516
CVE    1
CVE-2020-17516

© SecPod Technologies