CVE-2014-3624

Опубликовано: 30 окт. 2017

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

Apache Traffic Server 5.1.x before 5.1.1 allows remote attackers to bypass access restrictions by leveraging failure to properly tunnel remap requests using CONNECT.

Ссылки

http://mail-archives.apache.org/mod_mbox/www-announce/201411.mbox/%3C20141101231749.2E3561043F%40minotaur.apache.org%3E
http://www.securityfocus.com/bid/101630
Third Party Advisory
VDB Entry
https://issues.apache.org/jira/browse/TS-2677
Issue Tracking
Patch
Vendor Advisory
http://mail-archives.apache.org/mod_mbox/www-announce/201411.mbox/%3C20141101231749.2E3561043F%40minotaur.apache.org%3E
http://www.securityfocus.com/bid/101630
Third Party Advisory
VDB Entry
https://issues.apache.org/jira/browse/TS-2677
Issue Tracking
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:apache:traffic_server:5.1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 59%

0.00387

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-284

Связанные уязвимости

CVE-2014-3624

CVSS3: 9.8

ubuntu

больше 8 лет назад

Apache Traffic Server 5.1.x before 5.1.1 allows remote attackers to bypass access restrictions by leveraging failure to properly tunnel remap requests using CONNECT.

CVE-2014-3624

CVSS3: 9.8

debian

больше 8 лет назад

Apache Traffic Server 5.1.x before 5.1.1 allows remote attackers to by ...

GHSA-xpg3-fq38-gwfq

CVSS3: 9.8

github

больше 3 лет назад

Apache Traffic Server 5.1.x before 5.1.1 allows remote attackers to bypass access restrictions by leveraging failure to properly tunnel remap requests using CONNECT.

EPSS

Процентиль: 59%

0.00387

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-284