Vulnerability CVE-2015-3254


Published: 2017-06-16   Modified: 2017-06-17

Description:
The client libraries in Apache Thrift before 0.9.3 might allow remote authenticated users to cause a denial of service (infinite recursion) via vectors involving the skip function.

Type: CWE-20 (Improper Input Validation)

CVSS2 => (AV:N/AC:L/Au:S/C:N/I:N/A:P)

CVSS Base Score: 4/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8/10

Exploit range: Remote
Attack complexity: Low
Authentication: Single time

Confidentiality impact: None
Integrity impact: None
Availability impact: Partial

Affected software:
Apache -> Thrift

References:
http://grokbase.com/t/thrift/user/15c2tss3td/notice-apache-thrift-security-vulnerability-cve-2015-1774
http://www.securityfocus.com/bid/99112
https://access.redhat.com/errata/RHSA-2017:2477
https://access.redhat.com/errata/RHSA-2017:3115
https://issues.apache.org/jira/browse/THRIFT-3231
https://mail-archives.apache.org/mod_mbox/thrift-user/201512.mbox/%3CCANyrgvcjvEcjTVmaL+tVXCBm4o5G+1neu=MUubD9GbU85bO_Ew@mail.gmail.com%3E

Copyright 2024, cxsecurity.com

 
