CVE-2018-1320

CWE-295 — Improper Certificate Validation CWE-287 — Improper Authentication CWE-20 — Improper Input Validation12 documents8 sources

Severity

7.5HIGH

EPSS

0.1%

top 68.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle Global Lifecycle Management Opatch Oracle Nosql Database Apache Thrift +3 more

Timeline

PublishedJan 7

Latest updateJan 17

Description

Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine if the SASL handshake had successfully completed could be disabled in production settings making the validation incomplete.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages7 packages

▶Mavenorg.apache.thrift:libthrift0.5.0 — 0.9.3-1+1

▶NVDapache/thrift0.5.0 — 0.11.0

▶CVEListV5apache_software_foundation/apache_thriftApache Thrift 0.5.0 to 0.11.0

▶Debianlibthrift-java< 0.9.1-2.1+2

▶NVDoracle/nosql_database< 19.3.12

Also affects: Debian Linux 8.0

Patches

Patch: www.oracle.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

OSV

Improper Input Validation in Apache Thrift↗2019-01-17

▶

GHSA

Improper Input Validation in Apache Thrift↗2019-01-17

▶

CVEList

CVE-2018-1320: Apache Thrift Java client library versions 0↗2019-01-07

▶

OSV

CVE-2018-1320: Apache Thrift Java client library versions 0↗2019-01-07

▶

💥Exploits & PoCs

Exploit-DB

Collectric CMU 1.0 - 'lang' Hard-Coded Credentials / SQL injection↗2018-09-21

▶

📋Vendor Advisories

Red Hat

thrift: SASL negotiation isComplete validation bypass in the org.apache.thrift.transport.TSaslTransport class↗2018-03-05

▶

Debian

CVE-2018-1320: libthrift-java - Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL ...↗2018

▶

💬Community

Bugzilla

CVE-2018-1320 thrift: SASL negotiation isComplete validation bypass in the org.apache.thrift.transport.TSaslTransport class [fedora-all]↗2019-01-17

▶

Bugzilla

CVE-2018-1320 thrift: SASL negotiation isComplete validation bypass in the org.apache.thrift.transport.TSaslTransport class [epel-7]↗2019-01-17

▶

Bugzilla

CVE-2018-1320 thrift: SASL negotiation isComplete validation bypass in the org.apache.thrift.transport.TSaslTransport class↗2019-01-17

▶

Bugzilla

CVE-2018-1275 spring-framework: Address partial fix for CVE-2018-1270↗2018-04-09

▶