cassandra-commits mailing list archives

Site index · List index

Message view	« Date » · « Thread »
Top	« Date » · « Thread »
From	"Abhishek Singh (Jira)" <j...@apache.org>
Subject	[jira] [Updated] (CASSANDRA-15411) [9.8] [CVE-2017-5929] [Cassandra] [2.2.5]
Date	Tue, 12 Nov 2019 13:57:00 GMT
[ https://issues.apache.org/jira/browse/CASSANDRA-15411?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Abhishek Singh updated CASSANDRA-15411: --------------------------------------- Description: Description :Description : Severity : CVE CVSS 3.0: 9.8Sonatype CVSS 3.0: 9.8 Weakness : CVE CWE: 502 Source : National Vulnerability Database Categories : Data Description from CVE : QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components. Explanation : The RemoteStreamAppenderClient class in logback-classic and the SocketNode classes in logback-classic and logback-access allow data to be deserialized over a Java Socket, via an ObjectInputStream, without validating the data beforehand.When data is received from the Socket, to be logged, it is deserialized into Java objects.An attacker can exploit this vulnerability by sending malicious, serialized Java objects over the connection to the Socket, which may result in execution of arbitrary code when those objects are deserialized.Note that although logback-core is implicated by the Logback project here, the Sonatype Security Research team discovered that the vulnerability is actually present in the logback-classic and logback-access components. versions prior to 1.2.0, as stated in the advisory. Detection : The application is vulnerable by using this component. Recommendation : We recommend upgrading to a version of this component that is not vulnerable to this specific issue. Root Cause : Cassandra-2.2.5.nupkgSocketNode.class : [1.0.12,1.2.0) Advisories : Project: [https://logback.qos.ch/news.html] CVSS Details : CVE CVSS 3.0: 9.8 Occurences (Paths) : ["TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/bin/cassandra.in.bat" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/bin/cassandra.in.sh" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/bin/cqlsh.bat" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/bin/debug-cql.bat" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/bin/source-conf.ps1" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/bin/sstableloader.bat" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/bin/sstablescrub.bat" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/bin/sstableupgrade.bat" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/bin/sstableverify.bat" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/bin/stop-server" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/bin/stop-server.bat" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/bin/stop-server.ps1" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/conf/README.txt" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/conf/cassandra-rackdc.properties" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/conf/cassandra-topology.properties" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/conf/commitlog_archiving.properties" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/conf/triggers/README.txt" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/ST4-4.0.8.jar" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/airline-0.6.jar" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/antlr-runtime-3.5.2.jar" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/commons-cli-1.1.jar" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/commons-lang3-3.1.jar" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/commons-math3-3.2.jar" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/compress-lzf-0.8.4.jar" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/concurrentlinkedhashmap-lru-1.4.jar" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/disruptor-3.0.1.jar" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/ecj-4.4.2.jar" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/futures-2.1.6-py2.py3-none-any.zip" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/high-scale-lib-1.0.6.jar" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/jamm-0.3.0.jar" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/javax.inject.jar" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/jbcrypt-0.3m.jar" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/jcl-over-slf4j-1.7.7.jar" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/joda-time-2.4.jar" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/json-simple-1.1.jar" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/libthrift-0.9.2.jar" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/licenses/ST4-4.0.8.txt" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/licenses/antlr-runtime-3.5.2.txt" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/licenses/compress-lzf-0.8.4.txt" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/licenses/concurrent-trees-2.4.0.txt" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/licenses/ecj-4.4.2.txt" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/licenses/futures-2.1.6.txt" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/licenses/high-scale-lib-1.0.6.txt" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/licenses/jbcrypt-0.3m.txt" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/licenses/jcl-over-slf4j-1.7.7.txt" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/licenses/jna-4.2.2.txt" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/licenses/jstackjunit-0.0.1.txt" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/licenses/log4j-over-slf4j-1.7.7.txt" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/licenses/logback-classic-1.1.3.txt" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/licenses/logback-core-1.1.3.txt" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/licenses/lz4-1.3.0.txt" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/licenses/metrics-core-3.1.0.txt" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/licenses/metrics-jvm-3.1.0.txt" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/licenses/ohc-0.4.4.txt" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/licenses/reporter-config-base-3.0.3.txt" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/licenses/reporter-config3-3.0.3.txt" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/licenses/sigar-1.6.4.txt" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/licenses/six-1.7.3.txt" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/licenses/slf4j-api-1.7.7.txt" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/licenses/stream-2.5.2.txt" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/log4j-over-slf4j-1.7.7.jar" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/logback-classic-1.1.3.jar" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/logback-core-1.1.3.jar" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/lz4-1.3.0.jar" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/metrics-core-3.1.0.jar" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/metrics-logback-3.1.0.jar" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/sigar-1.6.4.jar" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/sigar-bin/libsigar-amd64-freebsd-6.so" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/sigar-bin/libsigar-amd64-linux.so" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/sigar-bin/libsigar-amd64-solaris.so" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/sigar-bin/libsigar-ia64-hpux-11.sl" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/sigar-bin/libsigar-ia64-linux.so" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/sigar-bin/libsigar-pa-hpux-11.sl" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/sigar-bin/libsigar-ppc-aix-5.so" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/sigar-bin/libsigar-ppc-linux.so" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/sigar-bin/libsigar-ppc64-aix-5.so" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/sigar-bin/libsigar-ppc64-linux.so" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/sigar-bin/libsigar-s390x-linux.so" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/sigar-bin/libsigar-sparc-solaris.so" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/sigar-bin/libsigar-sparc64-solaris.so" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/sigar-bin/libsigar-universal-macosx.dylib" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/sigar-bin/libsigar-universal64-macosx.dylib" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/sigar-bin/libsigar-x86-freebsd-5.so" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/sigar-bin/libsigar-x86-freebsd-6.so" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/sigar-bin/libsigar-x86-linux.so" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/sigar-bin/libsigar-x86-solaris.so" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/sigar-bin/sigar-amd64-winnt.dll" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/sigar-bin/sigar-x86-winnt.dll" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/sigar-bin/sigar-x86-winnt.lib" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/six-1.7.3-py2.py3-none-any.zip" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/slf4j-api-1.7.7.jar" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/snakeyaml-1.11.jar" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/snappy-java-1.1.1.7.jar" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/stream-2.5.2.jar" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/thrift-server-0.3.7.jar" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/pylib/cqlshlib/__init__.py" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/pylib/cqlshlib/saferscanner.py" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/pylib/cqlshlib/sslhandling.py" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/pylib/cqlshlib/test/ansi_colors.py" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/pylib/cqlshlib/test/basecase.py" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/pylib/cqlshlib/test/test_cql_parsing.py" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/pylib/cqlshlib/test/test_cqlsh_commands.py" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/pylib/cqlshlib/test/test_cqlsh_invocation.py" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/pylib/cqlshlib/test/test_cqlsh_parsing.py" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/pylib/cqlshlib/test/winpty.py" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/tools/bin/cassandra-stress.bat" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/tools/bin/cassandra.in.bat" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/tools/bin/cassandra.in.sh" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/tools/bin/sstableexpiredblockers.bat" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/tools/bin/sstablelevelreset.bat" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/tools/bin/sstablemetadata.bat" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/tools/bin/sstableofflinerelevel.bat" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/tools/bin/sstablerepairedset.bat" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/tools/bin/sstablesplit.bat"] CVE : CVE-2017-5929 URL : [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5929] was: Description :Description : Severity : CVE CVSS 3.0: 9.8Sonatype CVSS 3.0: 9.8 Weakness : CVE CWE: 502 Source : National Vulnerability Database Categories : Data Description from CVE : QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components. Explanation : The RemoteStreamAppenderClient class in logback-classic and the SocketNode classes in logback-classic and logback-access allow data to be deserialized over a Java Socket, via an ObjectInputStream, without validating the data beforehand.When data is received from the Socket, to be logged, it is deserialized into Java objects.An attacker can exploit this vulnerability by sending malicious, serialized Java objects over the connection to the Socket, which may result in execution of arbitrary code when those objects are deserialized.Note that although logback-core is implicated by the Logback project here, the Sonatype Security Research team discovered that the vulnerability is actually present in the logback-classic and logback-access components. versions prior to 1.2.0, as stated in the advisory. Detection : The application is vulnerable by using this component. Recommendation : We recommend upgrading to a version of this component that is not vulnerable to this specific issue. Root Cause : Cassandra-2.2.5.nupkgSocketNode.class : [1.0.12,1.2.0) Advisories : Project: https://logback.qos.ch/news.html CVSS Details : CVE CVSS 3.0: 9.8 Occurences (Paths) : ["TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/bin/cassandra.in.bat" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/bin/cassandra.in.sh" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/bin/cqlsh.bat" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/bin/debug-cql.bat" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/bin/source-conf.ps1" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/bin/sstableloader.bat" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/bin/sstablescrub.bat" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/bin/sstableupgrade.bat" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/bin/sstableverify.bat" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/bin/stop-server" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/bin/stop-server.bat" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/bin/stop-server.ps1" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/conf/README.txt" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/conf/cassandra-rackdc.properties" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/conf/cassandra-topology.properties" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/conf/commitlog_archiving.properties" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/conf/triggers/README.txt" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/ST4-4.0.8.jar" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/airline-0.6.jar" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/antlr-runtime-3.5.2.jar" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/commons-cli-1.1.jar" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/commons-lang3-3.1.jar" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/commons-math3-3.2.jar" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/compress-lzf-0.8.4.jar" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/concurrentlinkedhashmap-lru-1.4.jar" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/disruptor-3.0.1.jar" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/ecj-4.4.2.jar" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/futures-2.1.6-py2.py3-none-any.zip" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/high-scale-lib-1.0.6.jar" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/jamm-0.3.0.jar" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/javax.inject.jar" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/jbcrypt-0.3m.jar" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/jcl-over-slf4j-1.7.7.jar" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/joda-time-2.4.jar" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/json-simple-1.1.jar" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/libthrift-0.9.2.jar" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/licenses/ST4-4.0.8.txt" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/licenses/antlr-runtime-3.5.2.txt" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/licenses/compress-lzf-0.8.4.txt" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/licenses/concurrent-trees-2.4.0.txt" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/licenses/ecj-4.4.2.txt" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/licenses/futures-2.1.6.txt" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/licenses/high-scale-lib-1.0.6.txt" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/licenses/jbcrypt-0.3m.txt" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/licenses/jcl-over-slf4j-1.7.7.txt" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/licenses/jna-4.2.2.txt" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/licenses/jstackjunit-0.0.1.txt" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/licenses/log4j-over-slf4j-1.7.7.txt" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/licenses/logback-classic-1.1.3.txt" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/licenses/logback-core-1.1.3.txt" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/licenses/lz4-1.3.0.txt" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/licenses/metrics-core-3.1.0.txt" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/licenses/metrics-jvm-3.1.0.txt" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/licenses/ohc-0.4.4.txt" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/licenses/reporter-config-base-3.0.3.txt" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/licenses/reporter-config3-3.0.3.txt" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/licenses/sigar-1.6.4.txt" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/licenses/six-1.7.3.txt" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/licenses/slf4j-api-1.7.7.txt" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/licenses/stream-2.5.2.txt" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/log4j-over-slf4j-1.7.7.jar" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/logback-classic-1.1.3.jar" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/logback-core-1.1.3.jar" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/lz4-1.3.0.jar" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/metrics-core-3.1.0.jar" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/metrics-logback-3.1.0.jar" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/sigar-1.6.4.jar" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/sigar-bin/libsigar-amd64-freebsd-6.so" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/sigar-bin/libsigar-amd64-linux.so" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/sigar-bin/libsigar-amd64-solaris.so" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/sigar-bin/libsigar-ia64-hpux-11.sl" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/sigar-bin/libsigar-ia64-linux.so" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/sigar-bin/libsigar-pa-hpux-11.sl" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/sigar-bin/libsigar-ppc-aix-5.so" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/sigar-bin/libsigar-ppc-linux.so" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/sigar-bin/libsigar-ppc64-aix-5.so" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/sigar-bin/libsigar-ppc64-linux.so" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/sigar-bin/libsigar-s390x-linux.so" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/sigar-bin/libsigar-sparc-solaris.so" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/sigar-bin/libsigar-sparc64-solaris.so" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/sigar-bin/libsigar-universal-macosx.dylib" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/sigar-bin/libsigar-universal64-macosx.dylib" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/sigar-bin/libsigar-x86-freebsd-5.so" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/sigar-bin/libsigar-x86-freebsd-6.so" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/sigar-bin/libsigar-x86-linux.so" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/sigar-bin/libsigar-x86-solaris.so" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/sigar-bin/sigar-amd64-winnt.dll" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/sigar-bin/sigar-x86-winnt.dll" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/sigar-bin/sigar-x86-winnt.lib" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/six-1.7.3-py2.py3-none-any.zip" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/slf4j-api-1.7.7.jar" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/snakeyaml-1.11.jar" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/snappy-java-1.1.1.7.jar" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/stream-2.5.2.jar" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/thrift-server-0.3.7.jar" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/pylib/cqlshlib/__init__.py" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/pylib/cqlshlib/saferscanner.py" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/pylib/cqlshlib/sslhandling.py" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/pylib/cqlshlib/test/ansi_colors.py" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/pylib/cqlshlib/test/basecase.py" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/pylib/cqlshlib/test/test_cql_parsing.py" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/pylib/cqlshlib/test/test_cqlsh_commands.py" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/pylib/cqlshlib/test/test_cqlsh_invocation.py" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/pylib/cqlshlib/test/test_cqlsh_parsing.py" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/pylib/cqlshlib/test/winpty.py" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/tools/bin/cassandra-stress.bat" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/tools/bin/cassandra.in.bat" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/tools/bin/cassandra.in.sh" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/tools/bin/sstableexpiredblockers.bat" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/tools/bin/sstablelevelreset.bat" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/tools/bin/sstablemetadata.bat" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/tools/bin/sstableofflinerelevel.bat" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/tools/bin/sstablerepairedset.bat" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/tools/bin/sstablesplit.bat"] CVE : CVE-2017-5929 URL : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5929 First Scan Date : Wed Apr 10 15:25:33 IST 2019 Report URL : http://vw-pun-bpm-bl15.bmc.com:8070/ui/links/application/test4/report/fd003f892d1e412688e40fbd36bc71fe > [9.8] [CVE-2017-5929] [Cassandra] [2.2.5] > ----------------------------------------- > > Key: CASSANDRA-15411 > URL: https://issues.apache.org/jira/browse/CASSANDRA-15411 > Project: Cassandra > Issue Type: Bug > Reporter: Abhishek Singh > Priority: Normal > > Description :Description : Severity : CVE CVSS 3.0: 9.8Sonatype CVSS 3.0: 9.8 > > Weakness : CVE CWE: 502 > > Source : National Vulnerability Database > > Categories : Data > Description from CVE : QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components. > > Explanation : The RemoteStreamAppenderClient class in logback-classic and the SocketNode classes in logback-classic and logback-access allow data to be deserialized over a Java Socket, via an ObjectInputStream, without validating the data beforehand.When data is received from the Socket, to be logged, it is deserialized into Java objects.An attacker can exploit this vulnerability by sending malicious, serialized Java objects over the connection to the Socket, which may result in execution of arbitrary code when those objects are deserialized.Note that although logback-core is implicated by the Logback project here, the Sonatype Security Research team discovered that the vulnerability is actually present in the logback-classic and logback-access components. versions prior to 1.2.0, as stated in the advisory. > Detection : The application is vulnerable by using this component. > Recommendation : We recommend upgrading to a version of this component that is not vulnerable to this specific issue. > Root Cause : Cassandra-2.2.5.nupkgSocketNode.class : [1.0.12,1.2.0) > > Advisories : Project: [https://logback.qos.ch/news.html] > > CVSS Details : CVE CVSS 3.0: 9.8 > Occurences (Paths) : ["TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/bin/cassandra.in.bat" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/bin/cassandra.in.sh" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/bin/cqlsh.bat" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/bin/debug-cql.bat" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/bin/source-conf.ps1" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/bin/sstableloader.bat" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/bin/sstablescrub.bat" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/bin/sstableupgrade.bat" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/bin/sstableverify.bat" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/bin/stop-server" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/bin/stop-server.bat" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/bin/stop-server.ps1" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/conf/README.txt" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/conf/cassandra-rackdc.properties" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/conf/cassandra-topology.properties" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/conf/commitlog_archiving.properties" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/conf/triggers/README.txt" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/ST4-4.0.8.jar" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/airline-0.6.jar" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/antlr-runtime-3.5.2.jar" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/commons-cli-1.1.jar" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/commons-lang3-3.1.jar" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/commons-math3-3.2.jar" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/compress-lzf-0.8.4.jar" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/concurrentlinkedhashmap-lru-1.4.jar" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/disruptor-3.0.1.jar" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/ecj-4.4.2.jar" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/futures-2.1.6-py2.py3-none-any.zip" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/high-scale-lib-1.0.6.jar" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/jamm-0.3.0.jar" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/javax.inject.jar" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/jbcrypt-0.3m.jar" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/jcl-over-slf4j-1.7.7.jar" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/joda-time-2.4.jar" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/json-simple-1.1.jar" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/libthrift-0.9.2.jar" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/licenses/ST4-4.0.8.txt" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/licenses/antlr-runtime-3.5.2.txt" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/licenses/compress-lzf-0.8.4.txt" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/licenses/concurrent-trees-2.4.0.txt" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/licenses/ecj-4.4.2.txt" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/licenses/futures-2.1.6.txt" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/licenses/high-scale-lib-1.0.6.txt" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/licenses/jbcrypt-0.3m.txt" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/licenses/jcl-over-slf4j-1.7.7.txt" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/licenses/jna-4.2.2.txt" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/licenses/jstackjunit-0.0.1.txt" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/licenses/log4j-over-slf4j-1.7.7.txt" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/licenses/logback-classic-1.1.3.txt" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/licenses/logback-core-1.1.3.txt" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/licenses/lz4-1.3.0.txt" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/licenses/metrics-core-3.1.0.txt" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/licenses/metrics-jvm-3.1.0.txt" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/licenses/ohc-0.4.4.txt" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/licenses/reporter-config-base-3.0.3.txt" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/licenses/reporter-config3-3.0.3.txt" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/licenses/sigar-1.6.4.txt" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/licenses/six-1.7.3.txt" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/licenses/slf4j-api-1.7.7.txt" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/licenses/stream-2.5.2.txt" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/log4j-over-slf4j-1.7.7.jar" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/logback-classic-1.1.3.jar" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/logback-core-1.1.3.jar" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/lz4-1.3.0.jar" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/metrics-core-3.1.0.jar" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/metrics-logback-3.1.0.jar" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/sigar-1.6.4.jar" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/sigar-bin/libsigar-amd64-freebsd-6.so" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/sigar-bin/libsigar-amd64-linux.so" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/sigar-bin/libsigar-amd64-solaris.so" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/sigar-bin/libsigar-ia64-hpux-11.sl" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/sigar-bin/libsigar-ia64-linux.so" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/sigar-bin/libsigar-pa-hpux-11.sl" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/sigar-bin/libsigar-ppc-aix-5.so" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/sigar-bin/libsigar-ppc-linux.so" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/sigar-bin/libsigar-ppc64-aix-5.so" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/sigar-bin/libsigar-ppc64-linux.so" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/sigar-bin/libsigar-s390x-linux.so" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/sigar-bin/libsigar-sparc-solaris.so" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/sigar-bin/libsigar-sparc64-solaris.so" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/sigar-bin/libsigar-universal-macosx.dylib" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/sigar-bin/libsigar-universal64-macosx.dylib" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/sigar-bin/libsigar-x86-freebsd-5.so" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/sigar-bin/libsigar-x86-freebsd-6.so" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/sigar-bin/libsigar-x86-linux.so" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/sigar-bin/libsigar-x86-solaris.so" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/sigar-bin/sigar-amd64-winnt.dll" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/sigar-bin/sigar-x86-winnt.dll" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/sigar-bin/sigar-x86-winnt.lib" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/six-1.7.3-py2.py3-none-any.zip" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/slf4j-api-1.7.7.jar" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/snakeyaml-1.11.jar" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/snappy-java-1.1.1.7.jar" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/stream-2.5.2.jar" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/lib/thrift-server-0.3.7.jar" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/pylib/cqlshlib/__init__.py" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/pylib/cqlshlib/saferscanner.py" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/pylib/cqlshlib/sslhandling.py" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/pylib/cqlshlib/test/ansi_colors.py" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/pylib/cqlshlib/test/basecase.py" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/pylib/cqlshlib/test/test_cql_parsing.py" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/pylib/cqlshlib/test/test_cqlsh_commands.py" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/pylib/cqlshlib/test/test_cqlsh_invocation.py" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/pylib/cqlshlib/test/test_cqlsh_parsing.py" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/pylib/cqlshlib/test/winpty.py" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/tools/bin/cassandra-stress.bat" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/tools/bin/cassandra.in.bat" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/tools/bin/cassandra.in.sh" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/tools/bin/sstableexpiredblockers.bat" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/tools/bin/sstablelevelreset.bat" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/tools/bin/sstablemetadata.bat" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/tools/bin/sstableofflinerelevel.bat" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/tools/bin/sstablerepairedset.bat" ; "TSO/solaris_bao_server_installer_8_3_00.tar/files/hdb/apache-cassandra.zip/tools/bin/sstablesplit.bat"] > CVE : CVE-2017-5929 > URL : [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5929] -- This message was sent by Atlassian Jira (v8.3.4#803005) --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscribe@cassandra.apache.org For additional commands, e-mail: commits-help@cassandra.apache.org
Mime	Unnamed text/plain (inline, Quoted Printable, 44963 bytes)
	View raw message