Kwetsbaarheid CVE-2018-1320

Apache Thrift Java Client Library Versions 0.5.0 Through 0.11.0 Can Bypass SASL Negotiation IsComplete Validation In The Org.apache.thrift.transport.TSaslTransport Class. An Assert Used To Determine If The SASL Handshake Had Successfully Completed Could Be Disabled In Production Settings Making The Validation Incomplete.

Algemeen

CVE
CVE-2018-1320
Leverancier(s) betrokken
Omschrijving
Apache Thrift Java Client Library Versions 0.5.0 Through 0.11.0 Can Bypass SASL Negotiation IsComplete Validation In The Org.apache.thrift.transport.TSaslTransport Class. An Assert Used To Determine If The SASL Handshake Had Successfully Completed Could Be Disabled In Production Settings Making The Validation Incomplete.
Publicatie
Maandag, 7 Januari 2019
Gewijzigd
Dinsdag, 15 Januari 2019 15:00
Ernst

Referenties

Modificatie geschiedenis

Geef hieronder je email adres op en word op de hoogte gehouden van aanpassingen aan deze CVE