CVE-2017-5659

Опубликовано: 17 апр. 2017

Источник: debian

EPSS Низкий

Описание

Apache Traffic Server before 6.2.1 generates a coredump when there is a mismatch between content length and chunked encoding.

Пакет	Статус	Версия исправления	Релиз	Тип
trafficserver	fixed	7.0.0-1		package
trafficserver	not-affected		wheezy	package

https://issues.apache.org/jira/browse/TS-4507
reproducer in https://issues.apache.org/jira/browse/TS-4819 (dupe of above)
https://github.com/apache/trafficserver/pull/787/commits/85c021123fd94c4d97a6015484eb1d8054bec9eb
evaluate related backport to 6.2: https://github.com/apache/trafficserver/pull/1153

EPSS

Процентиль: 80%

0.01461

Низкий

CVE-2017-5659

CVSS3: 7.5

ubuntu

почти 9 лет назад

Apache Traffic Server before 6.2.1 generates a coredump when there is a mismatch between content length and chunked encoding.

CVE-2017-5659

CVSS3: 7.5

nvd

почти 9 лет назад

Apache Traffic Server before 6.2.1 generates a coredump when there is a mismatch between content length and chunked encoding.

GHSA-939c-m42f-qh77

CVSS3: 7.5

github

больше 3 лет назад

Apache Traffic Server before 6.2.1 generates a coredump when there is a mismatch between content length and chunked encoding.

EPSS

Процентиль: 80%

0.01461

Низкий