Vulnerability Description
The Apache Thrift Node.js static web server in versions 0.9.2 through 0.11.0 has been determined to contain a security vulnerability in which a remote user has the ability to access files outside the web server's set docroot path.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Thrift | >= 0.9.2, <= 0.11.0 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/106501 (Third Party Advisory, VDB Entry)
- https://access.redhat.com/errata/RHSA-2019:1545
- https://access.redhat.com/errata/RHSA-2019:3140
- https://lists.apache.org/thread.html/6e9edd282684896cedf615fb67a02bebfe6007f2d5b
- https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
FAQ
What is CVE-2018-11798?
CVE-2018-11798 is a vulnerability with a CVSS score of 6.5 (MEDIUM). The Apache Thrift Node.js static web server in versions 0.9.2 through 0.11.0 has been determined to contain a security vulnerability in which a remote user has the ability to access files outside the...
How severe is CVE-2018-11798?
CVE-2018-11798 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2018-11798?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Thrift.