Published: 16/06/2017 Updated: 13/02/2023

CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 356

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

The client libraries in Apache Thrift prior to 0.9.3 might allow remote authenticated users to cause a denial of service (infinite recursion) via vectors involving the skip function.

Vulnerable Product	Search on Vulmon	Subscribe to Product
apache thrift

Synopsis Moderate: Red Hat JBoss Fuse/A-MQ 63 R5 security and bug fix update Type/Severity Security Advisory: Moderate Topic An update is now available for Red Hat JBoss Fuse and Red Hat JBoss A-MQRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerabilit ...

A vulnerability was discovered in Apache Thrift client libraries that allows remote, authenticated attackers to cause an infinite recursion via vectors involving the skip function; resulting in a denial of service (DoS) condition ...

CWE-20 https://issues.apache.org/jira/browse/THRIFT-3231 http://grokbase.com/t/thrift/user/15c2tss3td/notice-apache-thrift-security-vulnerability-cve-2015-1774 http://www.securityfocus.com/bid/99112 https://access.redhat.com/errata/RHSA-2017:3115 https://access.redhat.com/errata/RHSA-2017:2477 https://mail-archives.apache.org/mod_mbox/thrift-user/201512.mbox/%3CCANyrgvcjvEcjTVmaL+tVXCBm4o5G+1neu=MUubD9GbU85bO_Ew%40mail.gmail.com%3E https://access.redhat.com/errata/RHSA-2017:3115 https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2015-3254

CVE-2015-3254

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect