漏洞信息详情
Apache Thrift 安全漏洞
- CNNVD编号:CNNVD-201910-1681
- 危害等级: 高危
- CVE编号: CVE-2019-0205
- 漏洞类型: 其他
- 发布时间: 2019-10-29
- 威胁类型: 远程
- 更新时间: 2022-04-18
- 厂 商:
- 漏洞来源: Red Hat
漏洞简介
Apache Thrift是美国阿帕奇(Apache)基金会的一个用于跨平台开发的框架。
Apache Thrift 0.12.0及之前版本中存在安全漏洞。攻击者可利用该漏洞造成服务器或客户端无限循环。
漏洞公告
目前厂商已发布升级补丁以修复漏洞,补丁获取链接:
http://mail-archives.apache.org/mod_mbox/thrift-dev/201910.mbox/
参考网址
来源:REDHAT
链接:https://access.redhat.com/errata/RHSA-2020:0806
来源:MLIST
链接:https://lists.apache.org/thread.HTML/r55609613abab203a1f2c1f3de050b63ae8f5c4a024df0d848d6915ff@%3Ccommits.pulsar.apache.org%3E
来源:REDHAT
链接:https://access.redhat.com/errata/RHSA-2020:0805
来源:MLIST
链接:https://lists.apache.org/thread.HTML/r2832722c31d78bef7526e2c701ba4b046736e4c851473194a247392f@%3Ccommits.pulsar.apache.org%3E
来源:MLIST
链接:https://lists.apache.org/thread.HTML/r92b7771afee2625209c36727fefdc77033964e9a1daa81ec3327e625@%3Cuser.cassandra.apache.org%3E
来源:MLIST
链接:https://lists.apache.org/thread.HTML/928cae83d20d8d8196c26118f7084aa37573e1d31162381fb9454fb5@%3Cdev.thrift.apache.org%3E
来源:MLIST
链接:https://lists.apache.org/thread.HTML/r73a3c8b80765e3d2430ff51f22b778d0c917919f01815b69ed16cf9d@%3Cissues.hive.apache.org%3E
来源:MLIST
链接:https://lists.apache.org/thread.HTML/r50bf84c60867574238d18cdad5da9f303b618114c35566a3a001ae08@%3Cdev.hive.apache.org%3E
来源:MLIST
链接:https://lists.apache.org/thread.HTML/r569b2b3da41ff45bfacfca6787a4a8728edd556e185b69b140181d9d@%3Cdev.thrift.apache.org%3E
来源:mail-archives.apache.org
链接:http://mail-archives.apache.org/mod_mbox/thrift-dev/201910.mbox/%3CVI1PR0101MB2142E0EA19F582429C3AEBCBB1920%40VI1PR0101MB2142.eurprd01.prod.exchangelabs.com%3E
来源:REDHAT
链接:https://access.redhat.com/errata/RHSA-2020:0804
来源:MLIST
链接:https://lists.apache.org/thread.HTML/r137753c9df8dd9065bea27a26af49aadc406b5a57fc584fefa008afd@%3Cdev.thrift.apache.org%3E
来源:GENTOO
链接:https://security.gentoo.org/glsa/202107-32
来源:MLIST
链接:https://lists.apache.org/thread.HTML/rce0d368a78b42c545f26c2e6e91e2b8a91b27b60d0cb45fe1911d337@%3Cnotifications.thrift.apache.org%3E
来源:MLIST
链接:https://lists.apache.org/thread.HTML/r228ac842260c2c516af7b09f3cf4cf76e5b9c002e359954a203ab5a5@%3Cdev.thrift.apache.org%3E
来源:MLIST
链接:https://lists.apache.org/thread.HTML/r67a704213d13326771f46c84bbd84c8281bb93946e155e0e40abcb4c@%3Ccommits.cassandra.apache.org%3E
来源:MLIST
链接:https://lists.apache.org/thread.HTML/a9669756befaeb0f8e08766d3f4d410a0fce85da3a570506f71f0b67@%3Cdev.thrift.apache.org%3E
来源:MLIST
链接:https://lists.apache.org/thread.HTML/1193444c17f499f92cd198d464a2c1ffc92182c83487345a854914b3@%3Cuser.thrift.apache.org%3E
来源:MLIST
链接:https://lists.apache.org/thread.HTML/9f7150d0b02e72d1154721a412e80cf797f1b7cfa295fcefc67b1381@%3Ccommits.cassandra.apache.org%3E
来源:MLIST
链接:https://lists.apache.org/thread.HTML/r0d08f5576286f4a042aabde13ecf58979644f6dc210f25aa9a4d469b@%3Cdev.thrift.apache.org%3E
来源:MLIST
链接:https://lists.apache.org/thread.HTML/r4d3f1d3e333d9c2b2f6e6ae8ed8750d4de03410ac294bcd12c7eefa3@%3Ccommits.cassandra.apache.org%3E
来源:MLIST
链接:https://lists.apache.org/thread.HTML/r3887b48b183b6fa43e59398bd170a99239c0a16264cb5175b5b689d0@%3Ccommits.cassandra.apache.org%3E
来源:MLIST
链接:https://lists.apache.org/thread.HTML/r4633082b834eebccd0d322697651d931ab10ca9c51ee7ef18e1f60f4@%3Cdev.thrift.apache.org%3E
来源:MLIST
链接:https://lists.apache.org/thread.HTML/r36581cc7047f007dd6aadbdd34e18545ec2c1eb7ccdae6dd47a877a9@%3Ccommits.pulsar.apache.org%3E
来源:MLIST
链接:https://lists.apache.org/thread.HTML/3dfa054b89274c9109c26ed1843ca15a14c03786f4016d26773878ae@%3Cdev.thrift.apache.org%3E
来源:MLIST
链接:https://lists.apache.org/thread.HTML/r573029c2f8632e3174b9eea7cd57f9c9df33f2f706450e23fc57750a@%3Ccommits.thrift.apache.org%3E
来源:MLIST
链接:https://lists.apache.org/thread.HTML/rf359e5cc6a185494fc0cfe837fe82f7db2ef49242d35cbf3895aebce@%3Cdev.thrift.apache.org%3E
来源:MLIST
链接:https://lists.apache.org/thread.HTML/rba61c1f3a3b1960a6a694775b1a437751eba0825f30188f69387fe90@%3Cdev.thrift.apache.org%3E
来源:MLIST
链接:https://lists.apache.org/thread.HTML/rab740e5c70424ef79fd095a4b076e752109aeee41c4256c2e5e5e142@%3Ccommits.pulsar.apache.org%3E
来源:MLIST
链接:https://lists.apache.org/thread.HTML/r7859e767c90c8f4971dec50f801372aa64e88f143c3e8a265a36f9b4@%3Cuser.cassandra.apache.org%3E
来源:MLIST
链接:https://lists.apache.org/thread.HTML/r0c606d4be9aa163d132edf8edd8eb55e7b9464063b99acbbf6e9e287@%3Cissues.hive.apache.org%3E
来源:MLIST
链接:https://lists.apache.org/thread.HTML/0d058e1bfd11727c4f2e2adf4b6e403a47c38e22431ab20066a1ac79@%3Cdev.thrift.apache.org%3E
来源:MLIST
链接:https://lists.apache.org/thread.HTML/r934f312dd5add7276ac2de684d8b237554ff9f34479a812df5fd6aee@%3Ccommits.cassandra.apache.org%3E
来源:MLIST
链接:https://lists.apache.org/thread.HTML/r1b1a92c229ead94d53b3bcde9e624d002b54f1c6fdb830b9f4da20e1@%3Cdev.thrift.apache.org%3E
来源:MLIST
链接:https://lists.apache.org/thread.HTML/07bd68ad237a5d513751d6d2731a8828f902c738ea57d85c1a72bad3@%3Cdev.thrift.apache.org%3E
来源:MLIST
链接:https://lists.apache.org/thread.HTML/re387dc6ca11cb0b0ce4de8e800bb91ca50fee054b80105f5cd34adcb@%3Cdev.thrift.apache.org%3E
来源:MLIST
链接:https://lists.apache.org/thread.HTML/r53c03e1c979b9c628d0d65e0f49dd9a9f9d7572838727ad11b750575@%3Cuser.cassandra.apache.org%3E
来源:N/A
链接:https://www.oracle.com//security-alerts/cpujul2021.HTML
来源:MLIST
链接:https://lists.apache.org/thread.HTML/rb139fa1d2714822d8c6e6f3bd6f5d5c91844d313201185c409288fd9@%3Ccommits.cassandra.apache.org%3E
来源:REDHAT
链接:https://access.redhat.com/errata/RHSA-2020:0811
来源:MLIST
链接:https://lists.apache.org/thread.HTML/1c18ec6ebfea0a9211992be952e8b33d0fda202c077979b84a5e09a8@%3Cuser.thrift.apache.org%3E
来源:MLIST
链接:https://lists.apache.org/thread.HTML/003ac686189e6ce7b99267784d04bf60059a8c323eeda5a79a0309b8@%3Ccommits.cassandra.apache.org%3E
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/156701/Red-Hat-Security-Advisory-2020-0804-01.HTML
来源:vigilance.fr
链接:https://vigilance.fr/vulnerability/Red-Hat-JBoss-Enterprise-Application-Platform-three-vulnerabilities-31779
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/160562/Red-Hat-Security-Advisory-2020-5568-01.HTML
来源:www.nsfocus.net
链接:http://www.nsfocus.net/vulndb/48706
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2020.4464/
来源:nvd.nist.gov
链接:https://nvd.nist.gov/vuln/detail/CVE-2019-0205
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/157859/Red-Hat-Security-Advisory-2020-2333-01.HTML
来源:www.ibm.com
链接:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-resilient-soar-is-using-components-with-known-vulnerabilities-apache-thrift-cve-2019-0205/
来源:www.cybersecurity-help.cz
链接:https://www.cybersecurity-help.cz/vdb/SB2021071503
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2020.1766/
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2020.1882/
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/157741/Red-Hat-Security-Advisory-2020-2067-01.HTML
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2020.2050/
来源:www.ibm.com
链接:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-analytics-has-addressed-multiple-vulnerabilities/
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2020.0915/
来源:www.cybersecurity-help.cz
链接:https://www.cybersecurity-help.cz/vdb/SB2022041520
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/158048/Red-Hat-Security-Advisory-2020-2512-01.HTML
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/156885/Red-Hat-Security-Advisory-2020-0962-01.HTML
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2020.2042/
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/163494/Gentoo-Linux-Security-Advisory-202107-32.HTML
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2020.1858/
来源:www.ibm.com
链接:https://www.ibm.com/support/pages/node/1120701
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2020.1052/
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2020.1024/
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/157835/Red-Hat-Security-Advisory-2020-2321-01.HTML
受影响实体
暂无
补丁
- Apache Thrift 安全漏洞的修复措施
评论