Lucene search

PRIOn knowledge basePRION:CVE-2018-1320

HistoryJan 07, 2019 - 5:29 p.m.

Input validation

2019-01-0717:29:00

PRIOn knowledge base

www.prio-n.com

7.3 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.2%

JSON

Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine if the SASL handshake had successfully completed could be disabled in production settings making the validation incomplete.

CPENameOperatorVersion
thriftge0.5.0
thriftle0.11.0
debian_linuxeq8.0
traffix_signaling_delivery_controllerge5.0.0
traffix_signaling_delivery_controllerle5.1.0
global_lifecycle_management_opatchlt11.2.0.3.23
global_lifecycle_management_opatchge12.2.0.1.0
global_lifecycle_management_opatchlt12.2.0.1.19
global_lifecycle_management_opatchge13.9.4.0.0
global_lifecycle_management_opatchlt13.9.4.2.1

Name	Operator	Version
thrift	ge	0.5.0
thrift	le	0.11.0
debian_linux	eq	8.0
traffix_signaling_delivery_controller	ge	5.0.0
traffix_signaling_delivery_controller	le	5.1.0
global_lifecycle_management_opatch	lt	11.2.0.3.23
global_lifecycle_management_opatch	ge	12.2.0.1.0
global_lifecycle_management_opatch	lt	12.2.0.1.19
global_lifecycle_management_opatch	ge	13.9.4.0.0
global_lifecycle_management_opatch	lt	13.9.4.2.1

Rows per page:

1-10 of 111

References

www.openwall.com/lists/oss-security/2019/07/24/3

www.securityfocus.com/bid/106551

access.redhat.com/errata/RHSA-2019:2413

lists.apache.org/thread.html/07c3cd5a2953a4b253eee4437b1397b1603d0f886437e19b657d2c54@%3Ccommits.cassandra.apache.org%3E

lists.apache.org/thread.html/187684ac8b94d55256253f5220cb55e8bd568afdf9a8a86e9bbb66c9@%3Cdevnull.infra.apache.org%3E

lists.apache.org/thread.html/3d3b6849fcf4cd1e87703b3dde0d57aabeb9ba0193dc0cf3c97f545d@%3Ccommits.cassandra.apache.org%3E

lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E

lists.apache.org/thread.html/6b07f6f618155c777191b4fad8ade0f0cf4ed4c12a1a746ce903d816@%3Ccommits.cassandra.apache.org%3E

lists.apache.org/thread.html/8be5b16c02567fff61b1284e5df433a4e38617bc7de4804402bf62be@%3Ccommits.cassandra.apache.org%3E

lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E

lists.apache.org/thread.html/da5234b5e78f1c99190407f791dfe1bf6c58de8d30d15974a9669be3@%3Cuser.thrift.apache.org%3E

lists.apache.org/thread.html/dbe3a39b48900318ad44494e8721f786901ba4520cd412c7698f534f@%3Cdev.storm.apache.org%3E

lists.apache.org/thread.html/dfee89880c84874058c6a584d8128468f8d3c2ac25068ded91073adc@%3Cuser.storm.apache.org%3E

lists.apache.org/thread.html/e825ff2f4e129c0ecdb6a19030b53c1ccdf810a8980667628d0c6a80@%3Cannounce.apache.org%3E

lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E

lists.apache.org/thread.html/r09c3dcdccf4b74ad13bda79b354e6b793255ccfe245cca1b8cee23f5@%3Ccommits.cassandra.apache.org%3E

lists.apache.org/thread.html/r1015eaadef8314daa9348aa423086a732cfeb998ceb5d42605c9b0b5@%3Ccommits.cassandra.apache.org%3E

lists.apache.org/thread.html/r2278846f7ab06ec07a0aa31457235e0ded9191b216cba55f3f315f16@%3Ccommits.cassandra.apache.org%3E

lists.apache.org/thread.html/r261972a3b14cf6f1dcd94b1b265e9ef644a38ccdf0d0238fa0c4d459@%3Ccommits.cassandra.apache.org%3E

lists.apache.org/thread.html/r3d71a6dbb063aa61ba81278fe622b20bfe7501bb3821c27695641ac3@%3Ccommits.cassandra.apache.org%3E

lists.apache.org/thread.html/r4d3f1d3e333d9c2b2f6e6ae8ed8750d4de03410ac294bcd12c7eefa3@%3Ccommits.cassandra.apache.org%3E

lists.debian.org/debian-lts-announce/2019/02/msg00008.html

support.f5.com/csp/article/K36361684

www.oracle.com/security-alerts/cpuapr2020.html

www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html