CVE-2023-30631

Published: 14 Jun 2023
Source: debian
EPSS Low

Description

Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server. The configuration option proxy.config.http.push_method_enabled didn't function. However, by default the PUSH method is blocked in the ip_allow configuration file. This issue affects Apache Traffic Server: from 8.0.0 through 9.2.0. 8.x users should upgrade to 8.1.7 or later versions. 9.x users should upgrade to 9.2.1 or later versions.

Packages

Package | Status | Fixed version | Release | Type
trafficserver | fixed | 9.2.1+ds-1 | | package

Notes

  • https://lists.apache.org/thread/tns2b4khyyncgs5v5p9y35pobg9z2bvs

  • https://github.com/apache/trafficserver/commit/8d1ad1dfe4d0ee179029f37c7e8d4caab601cb7b (master)

  • https://github.com/apache/trafficserver/commit/ee46128fc7099956145be2147e4ddad7fbc7299b (9.2.1-rc0)

  • https://github.com/apache/trafficserver/commit/35dd3efde78a73aefa257e12b8fe78d6cd646ba0 (8.1.7)

EPSS

Percentile: 67%
0.00544
Low

Related vulnerabilities

CVSS3: 7.5
ubuntu
more than 2 years ago

Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server. The configuration option proxy.config.http.push_method_enabled didn't function. However, by default the PUSH method is blocked in the ip_allow configuration file. This issue affects Apache Traffic Server: from 8.0.0 through 9.2.0. 8.x users should upgrade to 8.1.7 or later versions. 9.x users should upgrade to 9.2.1 or later versions.

CVSS3: 7.5
nvd
more than 2 years ago

Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server. The configuration option proxy.config.http.push_method_enabled didn't function. However, by default the PUSH method is blocked in the ip_allow configuration file. This issue affects Apache Traffic Server: from 8.0.0 through 9.2.0. 8.x users should upgrade to 8.1.7 or later versions. 9.x users should upgrade to 9.2.1 or later versions.

CVSS3: 7.5
github
more than 2 years ago

Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server. The configuration option proxy.config.http.push_method_enabled didn't function. However, by default the PUSH method is blocked in the ip_allow configuration file. This issue affects Apache Traffic Server: from 8.0.0 through 9.2.0. 8.x users should upgrade to 8.1.7 or later versions. 9.x users should upgrade to 9.2.1 or later versions.

CVSS3: 7.5
fstec
more than 2 years ago

A vulnerability in the Apache Traffic Server web server, caused by insufficient input validation, that allows an attacker to cause a denial of service
