CVE Vulnerabilities

CVE-2018-1320

Improper Certificate Validation

Published: Jan 07, 2019 | Modified: Nov 07, 2023
CVSS 3.x
7.5
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:P/A:N
RedHat/V2
RedHat/V3
6.5 MODERATE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Ubuntu
MEDIUM

Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine if the SASL handshake had successfully completed could be disabled in production settings making the validation incomplete.

Weakness

The product does not validate, or incorrectly validates, a certificate.

Affected Software

Name Vendor Start Version End Version
Thrift Apache 0.5.0 (including) 0.11.0 (including)
Red Hat Fuse 7.4.0 RedHat camel-thrift *
Red Hat Fuse 7.4.0 RedHat libthrift *
Libthrift-java Ubuntu bionic *
Libthrift-java Ubuntu cosmic *
Libthrift-java Ubuntu trusty *
Libthrift-java Ubuntu upstream *
Libthrift-java Ubuntu xenial *

Potential Mitigations

References