Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-17516

EPSS 0.85% · P75
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2020-17516

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Apache Cassandra versions 2.1.0 to 2.1.22, 2.2.0 to 2.2.19, 3.0.0 to 3.0.23, and 3.11.0 to 3.11.9, when using 'dc' or 'rack' internode_encryption setting, allows both encrypted and unencrypted internode connections. A misconfigured node or a malicious user can use the unencrypted connection despite not being in the same rack or dc, and bypass mutual TLS requirement.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
使用欺骗进行的认证绕过
Source: NVD (National Vulnerability Database)
Vulnerability Title
Apache Cassandra 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Apache Cassandra是Apache基金会的一个分布式Nosql数据库。Cassandra是一个混合型的非关系的数据库,类似于Google的BigTable。其主要功能比Dynamo (分布式的Key-Value存储系统)更丰富,但支持度却不如文档存储MongoDB(介于关系数据库和非关系数据库之间的开源产品,是非关系数据库当中功能最丰富,最像关系数据库的。 Cassandra 2.1-3.11.9 存在安全漏洞,该漏洞允许远程攻击者访问敏感信息。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-Apache Cassandra 2.1.0 to 2.1.22 -

II. Public POCs for CVE-2020-17516

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2020-17516

登录查看更多情报信息。

Same Patch Batch · n/a · 2021-02-03 · 59 CVEs total

CVE-2020-288957.3 HIGHinteger overflow in calloc
CVE-2021-233314.4 MEDIUMInsecure Temporary File
CVE-2020-25208JetBrains YouTrack 授权问题漏洞
CVE-2020-29166RainbowFish PacsOne Server 代码问题漏洞
CVE-2020-29163RainbowFish PacsOne Server SQL注入漏洞
CVE-2020-29164RainbowFish PacsOne Server 跨站脚本漏洞
CVE-2020-29165RainbowFish PacsOne Server 访问控制错误漏洞
CVE-2021-25761Jetbrains JetBrains Ktor framework 加密问题漏洞
CVE-2021-25763JetBrains Ktor framework 加密问题漏洞
CVE-2021-25762Jetbrains JetBrains Ktor framework 环境问题漏洞
CVE-2021-25765Jetbrains JetBrains YouTrack 跨站请求伪造漏洞
CVE-2021-25760JetBrains Hub 信息泄露漏洞
CVE-2021-25766Jetbrains JetBrains YouTrack 安全漏洞
CVE-2021-25767Jetbrains JetBrains YouTrack 信息泄露漏洞
CVE-2021-25768JetBrains YouTrack 安全漏洞
CVE-2021-25769Jetbrains JetBrains YouTrack 安全漏洞
CVE-2021-25770JetBrains YouTrack 代码注入漏洞
CVE-2021-25771JetBrains YouTrack 信息泄露漏洞
CVE-2021-25773JetBrains TeamCity 跨站脚本漏洞
CVE-2021-25772JetBrains TeamCity 安全漏洞

Showing top 20 of 59 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: Apache Cassandra
Same vendor: n/a
Same weakness: CWE-290

V. Comments for CVE-2020-17516

No comments yet

Leave a comment