Steven Sprecher

#11017of 53,635
25Total CVSS
Vulnerabilities · 3
High
3
PT-2022-4659
10
2022-09-06
Go · Go · CVE-2022-27664
**Name of the Vulnerable Software and Affected Versions** Go versions prior to 1.18.6 Go versions 1.19.x prior to 1.19.1 **Description** The issue is related to the net/http package in Go, where an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error, leading to a denial of service. This can be exploited by a malicious client. The vulnerability is also associated with a lack of input data sanitization, which can impact the confidentiality, integrity, and availability of protected information. **Recommendations** For Go versions prior to 1.18.6, update to version 1.18.6 or later to resolve the issue. For Go versions 1.19.x prior to 1.19.1, update to version 1.19.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the net/http package to minimize the risk of exploitation.
PT-2022-4094
7.5
2022-08-10
Apache · Apache Traffic Server · CVE-2022-31780
**Name of the Vulnerable Software and Affected Versions** Apache Traffic Server versions 8.0.0 through 9.1.2 **Description** The issue is related to improper input validation in HTTP/2 frame handling, which can be exploited by an attacker to smuggle requests. This can potentially allow a remote attacker to execute arbitrary code due to weaknesses in handling HTTP requests. **Recommendations** For Apache Traffic Server versions 8.0.0 through 9.1.2, update to a version that includes the fix for this issue to prevent request smuggling and potential code execution. As a temporary workaround, consider restricting access to the HTTP/2 frame handling module until a patch is available.
PT-2022-11974
7.5
2022-03-23
Apache · Apache Traffic Server · CVE-2021-44040
**Name of the Vulnerable Software and Affected Versions** Apache Traffic Server versions 8.0.0 through 8.1.3 Apache Traffic Server versions 9.0.0 through 9.1.1 **Description** The issue is related to improper input validation in request line parsing, allowing an attacker to send invalid requests. **Recommendations** For Apache Traffic Server versions 8.0.0 through 8.1.3, update to a version outside of this range to resolve the issue. For Apache Traffic Server versions 9.0.0 through 9.1.1, update to a version outside of this range to resolve the issue.