Multiple vulnerabilities in Apache Thrift Node.js

Published: 2019-01-11 16:00:52 | Updated: 2019-01-13
Severity Low
Patch available YES
Number of vulnerabilities 2
CVE ID CVE-2018-11798
CVE-2018-1320
CVSSv3 4.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
6.4 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CWE ID CWE-200
Exploitation vector Network
Public exploit N/A
Vulnerable software Thrift
Vulnerable software versions Thrift 0.11.0
Thrift 0.10.0
Thrift 0.9.2

Show more

Vendor URL Apache Foundation

Security Advisory

1) Information disclosure

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to unspecified flaw. A remote attacker can access files outside the set webservers docroot path.

Remediation

Update to version 0.12.0.

External links

https://lists.apache.org/thread.html/6e9edd282684896cedf615fb67a02bebfe6007f2d5baf03ba52e34fd@%3Cuser.thrift.apache.org%3E

2) Security restrictions bypass

Description

The vulnerability allows a remote attacker to gain access to bypass security restrictions.

The vulnerability exists due to unspecified flaw. A remote attacker can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine if the SASL handshake had successfully completed could be disabled in production settings making the validation incomplete.

Remediation

Update to version 0.12.0.

External links

https://lists.apache.org/thread.html/da5234b5e78f1c99190407f791dfe1bf6c58de8d30d15974a9669be3@%3Cuser.thrift.apache.org%3E

Back to List