Описание
Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.0.0 (включая)
Одно из
cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:traffic_server:2.1.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:traffic_server:2.1.1:*:*:*:*:*:*:*
EPSS
Процентиль: 78%
0.01206
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-20
Связанные уязвимости
debian
почти 15 лет назад
Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, d ...
github
больше 3 лет назад
Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.
EPSS
Процентиль: 78%
0.01206
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-20