CVE-2018-11798

6.5MEDIUM

Key Information:

Vendor: Apache
Status: Apache Thrift
Vendor: CVE Published:; 7 January 2019

Summary

The Apache Thrift Node.js static web server in versions 0.9.2 through 0.11.0 have been determined to contain a security vulnerability in which a remote user has the ability to access files outside the set webservers docroot path.

Affected Version(s)

Apache Thrift Apache Thrift 0.9.2 to 0.11.0

References

http://www.securityfocus.com/bid/106501

vdb-entryx_refsource_BID

https://lists.apache.org/thread.html/6e9edd282684896cedf6...

x_refsource_MISC

https://access.redhat.com/errata/RHSA-2019:1545

vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 7, 2019
Vulnerability Reserved
Jun 5, 2018