Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
436
VMScore

CVE-2017-12610

Published: 26/07/2018 Updated: 07/11/2023
CVSS v2 Base Score: 4.9 | Impact Score: 4.9 | Exploitability Score: 6.8
CVSS v3 Base Score: 6.8 | Impact Score: 5.2 | Exploitability Score: 1.6
VMScore: 436
Vector: AV:N/AC:M/Au:S/C:P/I:P/A:N
Subscribe to Apache

Vulnerability Summary

In Apache Kafka 0.10.0.0 to 0.10.2.1 and 0.11.0.0 to 0.11.0.1, authenticated Kafka clients may use impersonation via a manually crafted protocol message with SASL/PLAIN or SASL/SCRAM authentication when using the built-in PLAIN or SCRAM server implementations in Apache Kafka.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apache kafka

Vendor Advisories

Red Hat: CVE-2017-12610
In Apache Kafka 01000 to 01021 and 01100 to 01101, authenticated Kafka clients may use impersonation via a manually crafted protocol message with SASL/PLAIN or SASL/SCRAM authentication when using the built-in PLAIN or SCRAM server implementations in Apache Kafka ...

Github Repositories

https://github.com/isxbot/software-assurance

Repository for the sudo group.

Apache Kafka Description and Statistics Kafka is a distributed streaming platform that functions as a messaging system, storage system, and as a stream processor For messaging, Kafka can do both scale processing and multi-subscriber at the same time For Kafka as a storage system, Kafka stores and replicates all data to disks for redundancy and allows for the users to request

References

CWE-287http://www.securityfocus.com/bid/104899https://www.oracle.com/security-alerts/cpujul2020.htmlhttps://lists.apache.org/thread.html/b6157be1a09df332294213bd21e90dcf9fe4c1810193be54620e4210%40%3Cusers.kafka.apache.org%3Ehttps://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3Ehttps://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3Ehttps://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3Ehttps://nvd.nist.govhttps://github.com/isxbot/software-assurancehttps://access.redhat.com/security/cve/cve-2017-12610
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereferenceCVE-2023-52689CVE-2024-23803client sideCVE-2023-52696information disclosureCVE-2024-35843CVE-2024-27130CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook