Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
symantecSymantec Security ResponseSMNTC-110540
HistoryOct 16, 2019 - 12:00 a.m.

Apache Thrift CVE-2019-0205 Denial of Service Vulnerability

2019-10-1600:00:00
Symantec Security Response
www.symantec.com
51
JSON

Description

Apache Thrift is prone to a denial-of-service vulnerability. Attackers may leverage this issue to cause the application enter into endless loop, denying service to legitimate users. Apache Thrift version 0.12.0 and prior are vulnerable.

Technologies Affected

  • Apache Thrift 0.10.0
  • Apache Thrift 0.11.0
  • Apache Thrift 0.12.0
  • Apache Thrift 0.5.0
  • Apache Thrift 0.9
  • Apache Thrift 0.9.1
  • Apache Thrift 0.9.2
  • Apache Thrift 0.9.3

Recommendations

Block external access at the network boundary, unless external parties require service.
If global access isn’t needed, filter access to the affected computer at the network boundary. Restricting access to only trusted computers and networks might greatly reduce the likelihood of a successful exploit.

Deploy network intrusion detection systems to monitor network traffic for malicious activity.
Deploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This may indicate successful exploit attempts or activity that results from a successful exploit.

Updates are available. Please see the references or vendor advisory for more information.

Related

ibm 12
cgr 1
gitlab 1
veracode 1
debiancve 1
redhatcve 1
ubuntucve 1
github 1
cve 1
prion 1
osv 2
wolfi 1
nessus 9
gentoo 1
openvas 1
redhat 15
oracle 1
ibm
ibm
Security Bulletin: IBM Resilient SOAR is Using Components with Known Vulnerabilities - Apache Thrift (CVE-2019-0205)
2020-08-31 21:46:03
Security Bulletin: Vulnerability of Apache Thrift (libthrift-0.12.0.jar ) have affected APM WebSphere Application Server Agent , APM SAP NetWeaver Agent and APM WebLogic Agent
2023-07-14 13:39:38
Security Bulletin: Multiple vulnerabilities in libthrift affect IBM Application Performance Management products
2023-09-13 08:02:32
cgr
cgr
CVE-2019-0205 vulnerabilities
2024-05-05 09:06:28
gitlab
gitlab
Loop with Unreachable Exit Condition (Infinite Loop)
2019-10-29 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-05-29 06:57:57
debiancve
debiancve
CVE-2019-0205
2019-10-29 19:15:00
redhatcve
redhatcve
CVE-2019-0205
2020-03-30 08:14:11
ubuntucve
ubuntucve
CVE-2019-0205
2019-10-29 00:00:00
github
github
Loop with Unreachable Exit Condition in Apache Thrift
2022-05-24 17:00:01
cve
cve
CVE-2019-0205
2019-10-29 19:15:00
prion
prion
Design/Logic Flaw
2019-10-29 19:15:00
osv
osv
CVE-2019-0205
2019-10-29 19:15:15
Loop with Unreachable Exit Condition in Apache Thrift
2022-05-24 17:00:01
wolfi
wolfi
CVE-2019-0205 vulnerabilities
2024-05-05 09:06:29
nessus
nessus
GLSA-202107-32 : Apache Thrift: Multiple vulnerabilities
2022-01-24 00:00:00
EulerOS Virtualization 3.0.6.6 : thrift (EulerOS-SA-2021-1457)
2021-03-10 00:00:00
RHEL 6 / 8 : Red Hat JBoss Enterprise Application Platform 7.3 (RHSA-2020:0962)
2020-03-24 00:00:00
gentoo
gentoo
Apache Thrift: Multiple vulnerabilities
2021-07-14 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for thrift (EulerOS-SA-2021-1457)
2021-03-05 00:00:00
redhat
redhat
(RHSA-2020:0962) Important: Red Hat JBoss Enterprise Application Platform 7.3 security update
2020-03-24 11:07:40
(RHSA-2020:0961) Important: Red Hat JBoss Enterprise Application Platform 7.3 security update
2020-03-24 11:06:38
(RHSA-2020:0804) Important: Red Hat JBoss Enterprise Application Platform 7.2.7 on RHEL 6 security update
2020-03-12 16:44:41
oracle
oracle
Oracle Critical Patch Update Advisory - July 2021
2021-07-20 00:00:00
JSON
Related for SMNTC-110540
ibm12cgr1gitlab1veracode1debiancve1redhatcve1ubuntucve1github1cve1prion1osv2wolfi1nessus9gentoo1openvas1redhat15oracle1