CVE-2015-0225: Remote code execution via unauthenticated JMX/RMI interface

April 3, 2015 (updated October 9, 2018)

The default configuration in this package binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request.

References

wiki.apache.org/cassandra/JmxSecurity

Detect and mitigate CVE-2015-0225 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →