{
  "threat_severity" : "Moderate",
  "public_date" : "2015-07-09T00:00:00Z",
  "bugzilla" : {
    "description" : "thrift: Infinite recursion via vectors involving the skip function",
    "id" : "1462783",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1462783"
  },
  "cvss3" : {
    "cvss3_base_score" : "6.5",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-835",
  "details" : [ "The client libraries in Apache Thrift before 0.9.3 might allow remote authenticated users to cause a denial of service (infinite recursion) via vectors involving the skip function.", "A vulnerability was discovered in Apache Thrift client libraries that allows remote, authenticated attackers to cause an infinite recursion via vectors involving the skip function, resulting in a denial of service (DoS) condition." ],
  "affected_release" : [ {
    "product_name" : "Red Hat JBoss A-MQ 6.3",
    "release_date" : "2017-11-02T00:00:00Z",
    "advisory" : "RHSA-2017:3115",
    "cpe" : "cpe:/a:redhat:jboss_amq:6.3",
    "package" : "camel"
  }, {
    "product_name" : "Red Hat JBoss Data Virtualization 6.3",
    "release_date" : "2017-08-15T00:00:00Z",
    "advisory" : "RHSA-2017:2477",
    "cpe" : "cpe:/a:redhat:jboss_data_virtualization:6.3",
    "package" : "libthrift"
  }, {
    "product_name" : "Red Hat JBoss Fuse 6.3",
    "release_date" : "2017-11-02T00:00:00Z",
    "advisory" : "RHSA-2017:3115",
    "cpe" : "cpe:/a:redhat:jboss_fuse:6.3",
    "package" : "camel"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat JBoss Fuse Service Works 6",
    "fix_state" : "Will not fix",
    "package_name" : "thrift",
    "cpe" : "cpe:/a:redhat:jboss_fuse_service_works:6"
  }, {
    "product_name" : "Red Hat JBoss Operations Network 3",
    "fix_state" : "Out of support scope",
    "package_name" : "libthrift",
    "cpe" : "cpe:/a:redhat:jboss_operations_network:3"
  }, {
    "product_name" : "Red Hat OpenShift Enterprise 2",
    "fix_state" : "Will not fix",
    "package_name" : "libthrift",
    "cpe" : "cpe:/a:redhat:openshift:2"
  }, {
    "product_name" : "Red Hat OpenShift Enterprise 3",
    "fix_state" : "Not affected",
    "package_name" : "libthrift",
    "cpe" : "cpe:/a:redhat:openshift:3"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2015-3254\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3254" ],
  "name" : "CVE-2015-3254",
  "csaw" : false
}