PT-2023-4534 · Apache · Apache Traffic Server

Adi Peleg

Publicado

2023-08-09

Atualizado

2024-10-01

CVE-2023-33934

CVSS v2.0

9.4

Crítica

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:N

Name of the Vulnerable Software and Affected Versions Apache Traffic Server versions through 9.2.1

Description The issue is related to improper input validation in Apache Traffic Server, which can be exploited by a remote attacker to cause a denial of service.

Recommendations For versions through 9.2.1, update to a version later than 9.2.1 to resolve the issue. As a temporary workaround, consider restricting input validation to minimize the risk of exploitation.

Exploit

Correção

RCE

HTTP Request/Response Smuggling

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20CWE-444

Identificadores relacionados

BDU:2023-04939

CVE-2023-33934

DLA-3595-1

DSA-5549-1

Produtos afetados

Apache Traffic Server

PT-2023-4534 · Apache · Apache Traffic Server

CVE-2023-33934

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 65