CVE-2015-3254
CVSS base score: 4.0
Published: 2017-06-16 18:29:00
Revised: 2017-06-20 21:29:00

[Original] The client libraries in Apache Thrift before 0.9.3 might allow remote authenticated users to cause a denial of service (infinite recursion) via vectors involving the skip function.


[CNNVD] No CNNVD data available.



- CVSS (base score, CVSS v2 metrics)

CVSS score: 4.0 [MEDIUM]
Confidentiality impact: NONE [no impact on system confidentiality]
Integrity impact: NONE [no impact on system integrity]
Availability impact: PARTIAL [may degrade performance or interrupt access to resources]
Access complexity: LOW [no special conditions are needed to exploit]
Access vector: NETWORK [the attacker does not need local or intranet access]
Authentication: SINGLE_INSTANCE [the attacker must authenticate once to exploit]

- CWE (weakness category)

CWE-20 [Improper Input Validation]

- CPE (affected platforms and products)

Product and version information (CPE) not yet available

- OVAL (technical details for detection)

No matching OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3254
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3254
(official data source) NVD

- Other links and resources

http://grokbase.com/t/thrift/user/15c2tss3td/notice-apache-thrift-security-vulnerability-cve-2015-1774
(VENDOR_ADVISORY) CONFIRM
http://www.securityfocus.com/bid/99112
(UNKNOWN) BID 99112
https://issues.apache.org/jira/browse/THRIFT-3231
(VENDOR_ADVISORY) CONFIRM
https://mail-archives.apache.org/mod_mbox/thrift-user/201512.mbox/%3CCANyrgvcjvEcjTVmaL+tVXCBm4o5G+1neu=MUubD9GbU85bO_Ew@mail.gmail.com%3E
(VENDOR_ADVISORY) MLIST [thrift-user] 20151210 Re: [NOTICE]: Apache Thrift Security Vulnerability CVE-2015-1774

- Vulnerability information (F143764)

Red Hat Security Advisory 2017-2477-01 (PacketStormID: F143764)
2017-08-15 00:00:00
Red Hat
advisory, local
linux, redhat
CVE-2015-3254, CVE-2017-5637, CVE-2017-7525

Red Hat Security Advisory 2017-2477-01 - Red Hat JBoss Data Virtualization is a lean data integration solution that provides easy, real-time, and unified data access across disparate sources to multiple applications and users. JBoss Data Virtualization makes data spread across physically distinct systems - such as multiple databases, XML files, and even Hadoop systems - appear as a set of tables in a local database. This release of Red Hat JBoss Data Virtualization 6.3 Update 7 serves as a replacement for Red Hat JBoss Data Virtualization 6.3 Update 6, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: Red Hat JBoss Data Virtualization 6.3 Update 7 security update
Advisory ID:       RHSA-2017:2477-01
Product:           Red Hat JBoss Data Virtualization
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:2477
Issue date:        2017-08-15
CVE Names:         CVE-2015-3254 CVE-2017-5637 CVE-2017-7525 
=====================================================================

1. Summary:

An update is now available for Red Hat JBoss Data Virtualization.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Description:

Red Hat JBoss Data Virtualization is a lean data integration solution that
provides easy, real-time, and unified data access across disparate sources
to multiple applications and users. JBoss Data Virtualization makes data
spread across physically distinct systems - such as multiple databases, XML
files, and even Hadoop systems - appear as a set of tables in a local
database.

This release of Red Hat JBoss Data Virtualization 6.3 Update 7 serves as a
replacement for Red Hat JBoss Data Virtualization 6.3 Update 6, and
includes bug fixes and enhancements, which are documented in the Release
Notes document linked to in the References.

Security Fix(es):

* A deserialization flaw was discovered in the jackson-databind which could
allow an unauthenticated user to perform code execution by sending the
maliciously crafted input to the readValue method of the ObjectMapper.
(CVE-2017-7525)

* A vulnerability was discovered in Apache Thrift client libraries that
allows remote, authenticated attackers to cause an infinite recursion via
vectors involving the skip function; resulting in a denial of service (DoS)
condition. (CVE-2015-3254)

* A denial of service vulnerability was discovered in ZooKeeper which
allows an attacker to dramatically increase CPU utilization by abusing
"wchp/wchc" commands, leading to the server being unable to serve
legitimate requests. (CVE-2017-5637)

Red Hat would like to thank Liao Xinxi (NSFOCUS) for reporting
CVE-2017-7525.

3. Solution:

Before applying the update, back up your existing Red Hat JBoss Data
Virtualization installation (including its databases, applications,
configuration files, and so on).

Note that it is recommended to halt the Red Hat JBoss Data Virtualization
server by stopping the JBoss Application Server process before installing
this update, and then after installing the update, restart the Red Hat
JBoss Data Virtualization server by starting the JBoss Application Server
process.

The References section of this erratum contains a download link (you must
log in to download the update).

4. Bugs fixed (https://bugzilla.redhat.com/):

1454808 - CVE-2017-5637 zookeeper: Incorrect input validation with wchp/wchc four letter words
1462702 - CVE-2017-7525 jackson-databind: Deserialization vulnerability via readValue method of ObjectMapper
1462783 - CVE-2015-3254 thrift: Infinite recursion via vectors involving the skip function

5. References:

https://access.redhat.com/security/cve/CVE-2015-3254
https://access.redhat.com/security/cve/CVE-2017-5637
https://access.redhat.com/security/cve/CVE-2017-7525
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=data.services.platform&downloadType=securityPatches&version=6.3.0

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFZkw+VXlSAg2UNWIIRAjRPAKCQB3sAGC0r8CRA7UAwANIGLYbYOACglbUm
yNok32QMlwbMdl5AsafILjg=
=9Aix
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

- Vulnerability information

Apache Thrift CVE-2015-3254 Denial of Service Vulnerability
Class: Failure to Handle Exceptional Conditions
Bugtraq ID: 99112
Remote: Yes   Local: No
Published: 2017-06-16 12:00:00   Updated: 2017-06-16 12:00:00
Credit: Jake Farrell

- Affected versions

Apache Thrift 0.9.2
Apache Thrift 0.9.1
Apache Thrift 0.9

- Not affected versions

Apache Thrift 0.9.3

- Discussion

Apache Thrift is prone to a denial-of-service vulnerability.

Attackers may leverage this issue to cause infinite recursion in the client libraries' skip function, denying service to legitimate users. The CVSS scoring above assumes a remote attacker who has authenticated to the service once.

Versions prior to Apache Thrift 0.9.3 are vulnerable.
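To make the mechanism concrete, the following is an added illustration in Python; it is constructed for this page and is not Apache Thrift's own code. It implements a recursive skip() over the Thrift binary encoding (type codes and field/collection layouts as in TBinaryProtocol), builds a constructed payload of deeply nested unknown STRUCT fields of the kind a peer could send, and runs it through skip() once without a recursion-depth cap and once with one. The cap of 64 matches the limit introduced by the 0.9.3 fix tracked in THRIFT-3231 (linked above); the Reader class, the DepthLimitExceeded exception and the helper names are assumptions made for this example. Under CPython the unbounded variant fails with RecursionError, which stands in for the native stack exhaustion a client would suffer.

```python
"""Constructed illustration for CVE-2015-3254 (not Apache Thrift's own code).

A recursive skip() over Thrift binary-protocol data, run once without a
recursion-depth cap (pre-0.9.3 behaviour) and once with one.  Type codes and
wire layouts follow TBinaryProtocol; Reader, DepthLimitExceeded and the helper
names are assumptions made for this example.
"""
import struct

# TType codes as used on the wire by TBinaryProtocol.
STOP, BOOL, BYTE, DOUBLE, I16, I32, I64 = 0, 2, 3, 4, 6, 8, 10
STRING, STRUCT, MAP, SET, LIST = 11, 12, 13, 14, 15

DEFAULT_RECURSION_LIMIT = 64  # the cap adopted by the 0.9.3 fix (THRIFT-3231)


class DepthLimitExceeded(Exception):
    """Raised by the hardened skip when nesting exceeds the cap (assumed name)."""


class Reader:
    """Minimal big-endian reader over an in-memory buffer (assumed helper)."""

    def __init__(self, data: bytes) -> None:
        self.data, self.pos = data, 0

    def take(self, n: int) -> bytes:
        if n < 0 or self.pos + n > len(self.data):
            raise ValueError("truncated message or negative length")
        chunk = self.data[self.pos:self.pos + n]
        self.pos += n
        return chunk

    def byte(self) -> int:
        return self.take(1)[0]

    def i16(self) -> int:
        return struct.unpack(">h", self.take(2))[0]

    def i32(self) -> int:
        return struct.unpack(">i", self.take(4))[0]


def build_nested_struct(depth: int) -> bytes:
    """Constructed hostile payload: a struct whose field 1 is a struct whose
    field 1 is a struct ... `depth` levels deep; the innermost struct is empty.
    Every level is an unknown field, so a receiver can only skip() it."""
    body = bytes([STOP])  # innermost empty struct: just the STOP marker
    for _ in range(depth):
        body = bytes([STRUCT]) + struct.pack(">h", 1) + body + bytes([STOP])
    return body


def _skip(r: Reader, ftype: int, limit, depth: int) -> None:
    """Skip one value of type `ftype`.  limit=None reproduces the vulnerable
    behaviour: recursion depth is then chosen entirely by the sender."""
    if limit is not None and depth > limit:
        raise DepthLimitExceeded(f"nesting depth {depth} exceeds limit {limit}")
    if ftype in (BOOL, BYTE):
        r.take(1)
    elif ftype == I16:
        r.take(2)
    elif ftype == I32:
        r.take(4)
    elif ftype in (I64, DOUBLE):
        r.take(8)
    elif ftype == STRING:
        r.take(r.i32())  # length-prefixed bytes; Reader rejects negative lengths
    elif ftype == STRUCT:
        while True:  # fields until STOP, each value skipped recursively
            t = r.byte()
            if t == STOP:
                break
            r.i16()  # field id is irrelevant when skipping
            _skip(r, t, limit, depth + 1)
    elif ftype == MAP:
        kt, vt, n = r.byte(), r.byte(), r.i32()
        for _ in range(n):
            _skip(r, kt, limit, depth + 1)
            _skip(r, vt, limit, depth + 1)
    elif ftype in (SET, LIST):
        et, n = r.byte(), r.i32()
        for _ in range(n):
            _skip(r, et, limit, depth + 1)
    else:
        raise ValueError(f"unknown type code {ftype}")


def skip_struct(data: bytes, limit=DEFAULT_RECURSION_LIMIT) -> int:
    """Skip one top-level struct and return the number of bytes consumed."""
    r = Reader(data)
    _skip(r, STRUCT, limit, 0)
    return r.pos


def outcome(depth: int, limit=DEFAULT_RECURSION_LIMIT) -> str:
    """Name of the exception skip_struct raises for a payload `depth` deep,
    or "ok".  RecursionError here stands in for native stack exhaustion."""
    try:
        skip_struct(build_nested_struct(depth), limit)
        return "ok"
    except (DepthLimitExceeded, RecursionError) as exc:
        return type(exc).__name__


if __name__ == "__main__":
    print("unbounded, depth 5000:", outcome(5000, limit=None))
    print("capped at 64, depth 5000:", outcome(5000))
    print("capped at 64, depth 64:", outcome(64))
```

The point to take from the two runs is that the unbounded skip hands control of stack usage to whoever produced the bytes, which is why the NVD scoring only requires a single authenticated peer; the cap turns the same input into an ordinary protocol error that the caller can handle and the connection can survive. A deployment check is therefore simply to confirm the Thrift library on the classpath or link line is 0.9.3 or later, since the affected code is in the client library rather than in any generated service code.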

- Exploit

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

Updates are available. Please see the references or vendor advisory for more information.

