apache thrift CVE-2018-1320 vulnerability in Apache and Other Products
Published on January 7, 2019

Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine if the SASL handshake had successfully completed could be disabled in production settings making the validation incomplete.
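The failure mode described above, shown as an added illustration that is not code from Apache Thrift: a Java `assert` is skipped unless the JVM is started with assertions enabled, so a completion check written as an assertion accepts an unfinished handshake, while an explicit check rejects it. The class, interface and method names are hypothetical.

```java
// Added illustration; not code from Apache Thrift. All names are hypothetical.
public class AssertVsCheck {

    /** Stand-in for a SASL participant; only isComplete() matters here. */
    interface Negotiator {
        boolean isComplete();
    }

    /** Weak pattern: the check is skipped unless assertions are enabled (-ea). */
    static void finishWithAssert(Negotiator n) {
        assert n.isComplete() : "SASL negotiation not complete";
    }

    /** Hardened pattern: an unconditional check that always executes. */
    static void finishWithCheck(Negotiator n) {
        if (!n.isComplete()) {
            throw new IllegalStateException("SASL negotiation not complete");
        }
    }

    /** Runs one of the checks and reports whether the handshake was accepted. */
    static String outcome(Runnable check) {
        try {
            check.run();
            return "accepted";
        } catch (AssertionError | IllegalStateException e) {
            return "rejected (" + e.getClass().getSimpleName() + ")";
        }
    }

    public static void main(String[] args) {
        // Constructed input: a negotiation that never finished.
        Negotiator incomplete = () -> false;

        // Idiom: the assignment only executes when assertions are enabled.
        boolean assertsOn = false;
        assert assertsOn = true;
        System.out.println("assertions enabled: " + assertsOn);

        System.out.println("assert-based:   " + outcome(() -> finishWithAssert(incomplete)));
        System.out.println("explicit check: " + outcome(() -> finishWithCheck(incomplete)));
    }
}
```

Run it once with `java AssertVsCheck` and once with `java -ea AssertVsCheck` to compare the two outcomes; only the explicit check behaves the same in both runs.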




Affected Versions

Apache Software Foundation Apache Thrift: versions 0.5.0 to 0.11.0 are affected by CVE-2018-1320.

Exploit Probability

EPSS: 0.11%
Percentile: 29.40%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.