6 matches found

Tenable Nessus
added 2021/03/10 12:0 a.m., 51 views

EulerOS Virtualization 3.0.6.6 : thrift (EulerOS-SA-2021-1457)

According to the versions of the thrift packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when feed with...

CVSS 7.8, AI score 6.9, EPSS 0.09082
Exploits 0, References 4
Github Security Blog
added 2019/01/17 1:56 p.m., 55 views

Improper Input Validation in Apache Thrift

Apache Thrift Java client library versions 0.5.0 prior to 0.9.3-1 and 0.10.0 prior to 0.12.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine if the SASL handshake had successfully completed could be disabled in...

CVSS 7.5, AI score 3.8, EPSS 0.08188
Exploits 0, References 32, Affected Software 1
Veracode
added 2019/01/08 2:29 a.m., 25 views

Authentication Bypass

libthrift is vulnerable to authentication bypass. An assert which is used to determine the successful completion of an SASL handshake can be disabled in production settings, making the validation incomplete. An attacker is able to exploit this vulnerability to bypass the isComplete validation in...

CVSS 7.5, AI score 7.6, EPSS 0.08188
Exploits 0, References 43, Affected Software 1
Debian CVE
added 2019/01/07 6:0 p.m., 25 views

CVE-2018-1320

Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine if the SASL handshake had successfully completed could be disabled in production settings making t...

CVSS 7.5, AI score 7, EPSS 0.08188
Exploits 0
Cvelist
added 2019/01/07 6:0 p.m., 36 views

CVE-2018-1320

Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine if the SASL handshake had successfully completed could be disabled in production settings making t...

AI score 7.4, EPSS 0.08188
Exploits 0, References 25
OSV
added 2019/01/07 5:29 p.m., 2 views

DEBIAN-CVE-2018-1320

Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine if the SASL handshake had successfully completed could be disabled in production settings making t...

CVSS 7.5, AI score 6.9, EPSS 0.08188
Exploits 0, References 1