PT-2018-8424 · Apache · Apache Traffic Server

Publicado

2018-02-27

·

Atualizado

2018-03-23

·

CVE-2017-7671

CVSS v3.1

7.5

Alta

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Apache Traffic Server versions 5.2.0 through 5.3.2 Apache Traffic Server versions 6.0.0 through 6.2.0 Apache Traffic Server version 7.0.0
Description The issue is related to a DOS attack vulnerability in the TLS handshake, which can cause the server to coredump.
Recommendations For Apache Traffic Server versions 5.2.0 through 5.3.2, update to a version that fixes the TLS handshake issue to prevent the server from coredumping. For Apache Traffic Server versions 6.0.0 through 6.2.0, update to a version that fixes the TLS handshake issue to prevent the server from coredumping. For Apache Traffic Server version 7.0.0, update to a version that fixes the TLS handshake issue to prevent the server from coredumping.

Correção

DoS

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

CVE-2017-7671
DSA-4128-1

Produtos afetados

Apache Traffic Server