PT-2019-4792 · Apache · Apache Traffic Server

Published 2019-09-09 · Updated 2022-01-01 · CVE-2019-10079

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Apache Traffic Server versions prior to 7.1.7
Apache Traffic Server versions prior to 8.0.4

Description

The issue arises from incorrect handling of HTTP/2 requests, allowing a remote attacker to impact data confidentiality, integrity, and availability. Earlier versions of Apache Traffic Server did not limit the number of SETTINGS frames sent from the client using the HTTP/2 protocol, making them susceptible to HTTP/2 SETTINGS flood attacks.

Recommendations

For versions prior to 7.1.7, upgrade to Apache Traffic Server 7.1.7 or later.
For versions prior to 8.0.4, upgrade to Apache Traffic Server 8.0.4 or later.
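
The missing control described above is a per-connection cap on SETTINGS frames. The following sketch is an added example, not Apache Traffic Server's own code or patch: it parses HTTP/2 frame headers and ends the connection once a client exceeds the cap. The threshold values, the names and the sample byte strings are assumptions constructed for illustration.

```python
import struct
from collections import deque

TYPE_SETTINGS, FLAG_ACK = 0x4, 0x1   # RFC 7540 section 6.5
ENHANCE_YOUR_CALM = 0xB              # RFC 7540 section 7 error code

def frame(ftype, flags=0, stream_id=0, payload=b""):
    """Build one HTTP/2 frame: 24-bit length, type, flags, 31-bit stream id."""
    n = len(payload)
    return struct.pack(">BHBBI", n >> 16, n & 0xFFFF, ftype, flags, stream_id) + payload

def iter_frames(buf):
    """Yield (type, flags, stream_id, payload) for each complete frame in buf."""
    off = 0
    while off + 9 <= len(buf):
        hi, lo, ftype, flags, sid = struct.unpack_from(">BHBBI", buf, off)
        end = off + 9 + ((hi << 16) | lo)
        if end > len(buf):
            break  # truncated frame: a real server waits for more bytes
        yield ftype, flags, sid & 0x7FFFFFFF, buf[off + 9:end]
        off = end

class SettingsLimiter:
    """Per-connection cap on non-ACK SETTINGS frames in a sliding window."""
    def __init__(self, max_frames=14, window_s=60.0):  # assumed thresholds
        self.max_frames, self.window_s = max_frames, window_s
        self.seen = deque()

    def on_frame(self, ftype, flags, now):
        """Return None to continue, or the error code to send in GOAWAY."""
        if ftype != TYPE_SETTINGS or flags & FLAG_ACK:
            return None  # only SETTINGS that demand an ACK are counted
        self.seen.append(now)
        while now - self.seen[0] > self.window_s:
            self.seen.popleft()
        return ENHANCE_YOUR_CALM if len(self.seen) > self.max_frames else None

def check_stream(buf, limiter, start=0.0, step=0.001):
    """Feed frames to the limiter; return (frames_accepted, error_code)."""
    accepted = 0
    for ftype, flags, _sid, _payload in iter_frames(buf):
        err = limiter.on_frame(ftype, flags, start + accepted * step)
        if err is not None:
            return accepted, err
        accepted += 1
    return accepted, None

# Constructed inputs: an ordinary connection start, and 1000 empty SETTINGS frames.
NORMAL = frame(TYPE_SETTINGS, payload=struct.pack(">HI", 0x3, 100)) \
    + frame(TYPE_SETTINGS, FLAG_ACK) + frame(0x6, payload=bytes(8))
FLOOD = frame(TYPE_SETTINGS) * 1000
```

With the assumed defaults, the ordinary exchange passes untouched, while the flood is cut off at the fifteenth SETTINGS frame instead of forcing the server to queue an ACK for each of the 1000.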

Fix

RCE

Allocation of Resources Without Limits


Weakness Enumeration

Related identifiers

BDU:2020-01370
CVE-2019-10079
DSA-4520-1

Affected products

Apache Traffic Server