logo
DATABASE RESOURCES PRICING ABOUT US

CVE-2018-1320

Description

Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine if the SASL handshake had successfully completed could be disabled in production settings making the validation incomplete.


Affected Software


CPE Name Name Version
apache:thrift apache thrift 0.11.0
debian:debian_linux debian debian linux 8.0
f5:traffix_sdc f5 traffix sdc 5.1.0
oracle:global_lifecycle_management_opatch oracle global lifecycle management opatch 11.2.0.3.23
oracle:global_lifecycle_management_opatch oracle global lifecycle management opatch 12.2.0.1.19
oracle:global_lifecycle_management_opatch oracle global lifecycle management opatch 13.9.4.2.1
oracle:nosql_database oracle nosql database 19.3.12

Related