CVE-2017-15692

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2017-15692
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-15692.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-15692
Aliases
Published
2018-02-27T15:29:00.207Z
Modified
2026-04-11T04:37:55.121609Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

In Apache Geode before v1.4.0, the TcpServer within the Geode locator opens a network port that deserializes data. If an unprivileged user gains access to the Geode locator, they may be able to cause remote code execution if certain classes are present on the classpath.

References

Affected packages

Git / github.com/apache/geode

Affected ranges

Type
GIT
Repo
https://github.com/apache/geode
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
2a70679608120042fa7cbee67f4dd21a085d9588
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.4.0"
        }
    ]
}

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-15692.json"
vanir_signatures_modified 
"2026-04-11T04:37:55Z"
vanir_signatures 
[
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "316743741218310762065466922944912221038",
                "332315385312385399593274253053445882430",
                "232050433968006274162616794472557588560",
                "90868179975999448076116577995583609790"
            ]
        },
        "source": "https://github.com/apache/geode/commit/2a70679608120042fa7cbee67f4dd21a085d9588",
        "id": "CVE-2017-15692-0a87957f",
        "signature_type": "Line",
        "target": {
            "file": "geode-core/src/main/java/org/apache/geode/management/internal/ManagementAgent.java"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "length": 88.0,
            "function_hash": "170517757388502051974591591969185092222"
        },
        "source": "https://github.com/apache/geode/commit/2a70679608120042fa7cbee67f4dd21a085d9588",
        "id": "CVE-2017-15692-464cc67e",
        "signature_type": "Function",
        "target": {
            "function": "before",
            "file": "geode-core/src/test/java/org/apache/geode/management/internal/beans/FileUploaderTest.java"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "252628531476536282860575398448455815291",
                "97884479263220489366504267417587610172",
                "267532009473092109460001655613975533497",
                "44233781341740472992052807052115089080",
                "143110649451206668047139111503534957460",
                "135821508598843898475291883742557364537",
                "7380382624047258335236869342632450029",
                "1397285613503386374858453508404836413",
                "119000601678087203830724718258106217398",
                "281906511593158560341380082074119780844",
                "288450077357541818025478050823530529907",
                "279118738397569944925485559297762383710",
                "163519512785474913454071683380523597384",
                "218572007967976626913136879877342854822",
                "274358852224206774525950673090993757434",
                "16198770601086890404173003857648950211",
                "275664831105509975581142508321539606631",
                "297585544326399071270585398114505112034",
                "170657320409084611425161244545365319036",
                "42824787987285103634005296787107858804",
                "337750493565778485572868453358824896664",
                "288372761505397826297125630311717068495",
                "246044735842592885176688572108905467576",
                "222986860218383822922709520044604911204",
                "74198225861548608064987366191839690111",
                "301838390462605062231439248401005719288",
                "33801488156289811946543996724133579072",
                "251980278549270458531617901197954191320",
                "120468755310185272304449944506329758898",
                "177242224103788914669270940214277714894",
                "253238575694319080877600089703178431400",
                "262206763347649972718218150880116122883",
                "29096911373486968888321602354315816034",
                "72248830196902326237324954804445356382",
                "134247060495254805664766659356126391602",
                "204310786187043646499957231808359520266",
                "33898572122481785464501369964464058033",
                "244063489144383248211824760787752076449",
                "38315330617660633262078895695140367373",
                "84911295596911545316274628788983241576",
                "119088824647276196439287310044419143447",
                "294414176604002787964698114414813632790",
                "321446147337756024751799402005774817368",
                "142338718673584638984052892825931697413",
                "274342326191778091500112152989501596559",
                "140963332407526573226443642674351048215",
                "256423821429410402088246147695932404328",
                "285823697993259039204438405351019720177",
                "191724802818083776176155962290735773855",
                "98302469384741214947783299529955512626",
                "254941753706440951326079755827493141304"
            ]
        },
        "source": "https://github.com/apache/geode/commit/2a70679608120042fa7cbee67f4dd21a085d9588",
        "id": "CVE-2017-15692-46f0fb0d",
        "signature_type": "Line",
        "target": {
            "file": "geode-core/src/main/java/org/apache/geode/management/internal/beans/FileUploader.java"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "length": 495.0,
            "function_hash": "267245304383713107678288541266664731829"
        },
        "source": "https://github.com/apache/geode/commit/2a70679608120042fa7cbee67f4dd21a085d9588",
        "id": "CVE-2017-15692-aee8b492",
        "signature_type": "Function",
        "target": {
            "function": "deleteFiles",
            "file": "geode-core/src/main/java/org/apache/geode/management/internal/beans/FileUploader.java"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "length": 737.0,
            "function_hash": "82578193537824718827368897951845266320"
        },
        "source": "https://github.com/apache/geode/commit/2a70679608120042fa7cbee67f4dd21a085d9588",
        "id": "CVE-2017-15692-b0789d29",
        "signature_type": "Function",
        "target": {
            "function": "uploadFile",
            "file": "geode-core/src/main/java/org/apache/geode/management/internal/beans/FileUploader.java"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "215273352605140818709391818103858880121",
                "56344197392877441488745547379188600698",
                "220237422304598669700894478406404172462",
                "299278533776853080029591923977707116442",
                "183535069334735190731310543086425847202",
                "235184443136163515384682185806225805917",
                "337123332391717636254155053265026905077",
                "150692001685318773323552616826142296865"
            ]
        },
        "source": "https://github.com/apache/geode/commit/2a70679608120042fa7cbee67f4dd21a085d9588",
        "id": "CVE-2017-15692-b41cdb2a",
        "signature_type": "Line",
        "target": {
            "file": "geode-core/src/test/java/org/apache/geode/management/internal/beans/FileUploaderTest.java"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "length": 600.0,
            "function_hash": "108919642285814194288875026875775562199"
        },
        "source": "https://github.com/apache/geode/commit/2a70679608120042fa7cbee67f4dd21a085d9588",
        "id": "CVE-2017-15692-b9ff22eb",
        "signature_type": "Function",
        "target": {
            "function": "processCommand",
            "file": "geode-core/src/main/java/org/apache/geode/management/internal/cli/shell/JmxOperationInvoker.java"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "52902791257333014555215875458383939290",
                "207436414893581126308581725859740096722",
                "4727873883416783824787089820066462101",
                "16694894540719042714500147774333223260",
                "22152283237103441340176172722429686795",
                "127586303681403143510520779828926488476",
                "336999499650527445472516665244942373196",
                "225640094470517772468233449451784051916",
                "334349354597689008365087606753843074435",
                "335208198329288272087096959379024267979",
                "25651262466694684752587070212366420525",
                "257490934754515199134578454138530004766",
                "205743959197671355293935793786188202700",
                "304523371495177412410541771679218685254",
                "48695108421472391971535929443731111923",
                "183693787175781114453867533256419674799",
                "65296688027482086092210833189739080029",
                "299166395556246833615760584261711482170",
                "143237403309555456291029452095323901993",
                "285153359399740919314799994614792784005",
                "218996950050709343523665092916310627838",
                "34135394884650229709445756875753338230",
                "3841354533913485369466837269136739328",
                "280716110846515507612243853732781901613",
                "219673640346406811119424247350474521210",
                "323424513942333665402018794794799859509"
            ]
        },
        "source": "https://github.com/apache/geode/commit/2a70679608120042fa7cbee67f4dd21a085d9588",
        "id": "CVE-2017-15692-c94525d7",
        "signature_type": "Line",
        "target": {
            "file": "geode-core/src/main/java/org/apache/geode/management/internal/cli/shell/JmxOperationInvoker.java"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "length": 551.0,
            "function_hash": "284297998546093367194612448368747303915"
        },
        "source": "https://github.com/apache/geode/commit/2a70679608120042fa7cbee67f4dd21a085d9588",
        "id": "CVE-2017-15692-deaefd37",
        "signature_type": "Function",
        "target": {
            "function": "registerFileUploaderMBean",
            "file": "geode-core/src/main/java/org/apache/geode/management/internal/ManagementAgent.java"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "304801992753048382028256977413483463832",
                "1743053318807291390643283305705395469",
                "200700659299827449627886918564892054555",
                "205471190670398205249345171608149817395",
                "36056313989456921532860453318140156147",
                "282342012028430161486471471403489744870",
                "333523912747367414809502666860892751759",
                "329135971992360766591534476088717997740"
            ]
        },
        "source": "https://github.com/apache/geode/commit/2a70679608120042fa7cbee67f4dd21a085d9588",
        "id": "CVE-2017-15692-ff9c775f",
        "signature_type": "Line",
        "target": {
            "file": "geode-core/src/main/java/org/apache/geode/management/internal/beans/FileUploaderMBean.java"
        }
    }
]