CVE-2018-1320
Description
Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine if the SASL handshake had successfully completed could be disabled in production settings making the validation incomplete.
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS Score
Exploitation Probability
0.11
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2018-1320 are fixed in Apache-libthrift 0.9.3 | Windows |
| Vulnerabilities CVE-2018-1320,CVE-2018-11798 are fixed in Apache-libthrift 0.12.0 | Windows |
| Multiple Vulnerabilities are affected in IBM Security Guardium 10.5 | Windows |
| Multiple Vulnerabilities are affected in IBM Security Guardium 10.6 | Windows |
| Multiple Vulnerabilities are affected in IBM Security Guardium 11.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Security Guardium 11.2 | Windows |
| Multiple Vulnerabilities are affected in IBM Security Guardium 11.3 | Windows |
| Multiple Vulnerabilities are affected in IBM Security Guardium 11.4 | Windows |
| Multiple Vulnerabilities are affected in IBM Security Guardium 11.0 | Windows |
| Vulnerabilities CVE-2018-1320 are fixed in Apache-libthrift for Linux 0.9.3 | Linux |
| Vulnerabilities CVE-2018-1320,CVE-2018-11798 are fixed in Apache-libthrift for Linux 0.12.0 | Linux |
| Improper Certificate Validation Vulnerability (CVE-2018-1320) | NCM |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234