漏洞信息详情
Apache Thrift 信任管理问题漏洞
- CNNVD编号:CNNVD-201901-099 <!--
- 危害等级: 高危-->
- 危害等级: 高危
- CVE编号: CVE-2018-1320
- 漏洞类型: 信任管理问题
- 发布时间: 2019-01-08
- 威胁类型: 远程
- 更新时间: 2021-09-26
- 厂 商:
- 漏洞来源: Red Hat
-
漏洞简介
Apache Thrift是美国阿帕奇(Apache)基金会的一个用于跨平台开发的框架。
Apache Thrift Java client library 0.5.0版本至0.11.0版本中存在信任管理问题漏洞。攻击者可利用该漏洞绕过安全检测。
漏洞公告
目前厂商已发布升级补丁以修复漏洞,补丁获取链接:
https://issues.apache.org/jira/browse/THRIFT-4506
参考网址
来源:MLIST
链接:https://lists.apache.org/thread.html/3d3b6849fcf4cd1e87703b3dde0d57aabeb9ba0193dc0cf3c97f545d@%3Ccommits.cassandra.apache.org%3E
来源:MISC
链接:https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
来源:N/A
链接:https://www.oracle.com/security-alerts/cpuapr2020.html
来源:MLIST
链接:https://lists.apache.org/thread.html/r09c3dcdccf4b74ad13bda79b354e6b793255ccfe245cca1b8cee23f5@%3Ccommits.cassandra.apache.org%3E
来源:CONFIRM
链接:https://support.f5.com/csp/article/K36361684
来源:REDHAT
链接:https://access.redhat.com/errata/RHSA-2019:2413
来源:MLIST
链接:http://www.openwall.com/lists/oss-security/2019/07/24/3
来源:MLIST
链接:https://lists.apache.org/thread.html/e825ff2f4e129c0ecdb6a19030b53c1ccdf810a8980667628d0c6a80@%3Cannounce.apache.org%3E
来源:MLIST
链接:https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
来源:MLIST
链接:https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
来源:MLIST
链接:https://lists.apache.org/thread.html/r261972a3b14cf6f1dcd94b1b265e9ef644a38ccdf0d0238fa0c4d459@%3Ccommits.cassandra.apache.org%3E
来源:MLIST
链接:https://lists.apache.org/thread.html/r4d3f1d3e333d9c2b2f6e6ae8ed8750d4de03410ac294bcd12c7eefa3@%3Ccommits.cassandra.apache.org%3E
来源:MLIST
链接:https://lists.debian.org/debian-lts-announce/2019/02/msg00008.html
来源:MLIST
链接:https://lists.apache.org/thread.html/07c3cd5a2953a4b253eee4437b1397b1603d0f886437e19b657d2c54@%3Ccommits.cassandra.apache.org%3E
来源:MLIST
链接:https://lists.apache.org/thread.html/8be5b16c02567fff61b1284e5df433a4e38617bc7de4804402bf62be@%3Ccommits.cassandra.apache.org%3E
来源:BID
链接:https://www.securityfocus.com/bid/106551
来源:MISC
链接:https://lists.apache.org/thread.html/da5234b5e78f1c99190407f791dfe1bf6c58de8d30d15974a9669be3@%3Cuser.thrift.apache.org%3E
来源:MLIST
链接:https://lists.apache.org/thread.html/187684ac8b94d55256253f5220cb55e8bd568afdf9a8a86e9bbb66c9@%3Cdevnull.infra.apache.org%3E
来源:MLIST
链接:https://lists.apache.org/thread.html/dbe3a39b48900318ad44494e8721f786901ba4520cd412c7698f534f@%3Cdev.storm.apache.org%3E
来源:BID
链接:http://www.securityfocus.com/bid/106551
来源:MLIST
链接:https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E
来源:MLIST
链接:https://lists.apache.org/thread.html/dfee89880c84874058c6a584d8128468f8d3c2ac25068ded91073adc@%3Cuser.storm.apache.org%3E
来源:MLIST
链接:https://lists.apache.org/thread.html/6b07f6f618155c777191b4fad8ade0f0cf4ed4c12a1a746ce903d816@%3Ccommits.cassandra.apache.org%3E
来源:MLIST
链接:https://lists.apache.org/thread.html/r1015eaadef8314daa9348aa423086a732cfeb998ceb5d42605c9b0b5@%3Ccommits.cassandra.apache.org%3E
来源:MLIST
链接:https://lists.apache.org/thread.html/r2278846f7ab06ec07a0aa31457235e0ded9191b216cba55f3f315f16@%3Ccommits.cassandra.apache.org%3E
来源:MLIST
链接:https://lists.apache.org/thread.html/r3d71a6dbb063aa61ba81278fe622b20bfe7501bb3821c27695641ac3@%3Ccommits.cassandra.apache.org%3E
来源:access.redhat.com
链接:https://access.redhat.com/errata/RHSA-2019:2413
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/153980/Red-Hat-Security-Advisory-2019-2413-01.html
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2019.3040/
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2020.4254/
来源:www.ibm.com
链接:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-3/
受影响实体
暂无
补丁
- Apache Thrift Java client library 授权问题漏洞的修复措施<!--2019-1-8-->
还没有评论,来说两句吧...