Apache Geode Cluster Unauthenticated Client Multi-User Authentication Mode Vulnerability

CVE-2017-9797 · MEDIUM Severity

AV:N/AC:M/Au:N/C:P/I:N/A:P

When an Apache Geode cluster before v1.2.1 is operating in secure mode, an unauthenticated client can enter multi-user authentication mode and send metadata messages. These metadata operations could leak information about application data types. In addition, an attacker could perform a denial of service attack on the cluster.
