PT-2010-4430 · Apache · Apache Traffic Server

Leif Hedstrom · Published 2010-09-13 · Updated 2018-10-10 · CVE-2010-2952

CVSS v2.0: 4.3 Medium
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Apache Traffic Server versions prior to 2.0.1
Apache Traffic Server versions 2.1.x prior to 2.1.2-unstable

Description

The issue makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response, due to improper choice of DNS source ports and transaction IDs, and improper use of DNS query fields to validate responses.

Recommendations

For Apache Traffic Server versions prior to 2.0.1, update to version 2.0.1 or later.
For Apache Traffic Server versions 2.1.x prior to 2.1.2-unstable, update to version 2.1.2-unstable or later.
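
The three properties named in the description (an unpredictable transaction ID, an unpredictable source port, and a reply checked against the query's own fields) look like this in a resolver's receive path. This is an added Python example, not Apache Traffic Server code; the function names and the `pending` record are assumptions made for illustration.

```python
# Added illustration; names are hypothetical, not Apache Traffic Server code.
import secrets
import struct

def encode_name(name):
    """Encode a host name as uncompressed DNS labels."""
    labels = name.rstrip(".").lower().split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def new_query(name, server, qtype=1, qclass=1):
    """Build a query; transaction ID and source port both come from a CSPRNG."""
    pending = {"txid": secrets.randbits(16),
               "sport": 1024 + secrets.randbelow(65536 - 1024),  # caller binds here
               "server": server, "question": (name.rstrip(".").lower(), qtype, qclass)}
    header = struct.pack("!HHHHHH", pending["txid"], 0x0100, 1, 0, 0, 0)
    return pending, header + encode_name(name) + struct.pack("!HH", qtype, qclass)

def parse_question(packet):
    """Return (qname, qtype, qclass) of the first question in a DNS message."""
    pos, labels = 12, []
    while True:
        length = packet[pos]  # IndexError if the message is truncated
        pos += 1
        if length == 0:
            break
        if length > 63 or pos + length > len(packet):
            raise ValueError("compressed, oversized or truncated label")
        labels.append(packet[pos:pos + length].decode("ascii").lower())
        pos += length
    qtype, qclass = struct.unpack_from("!HH", packet, pos)
    return ".".join(labels), qtype, qclass

def accept_response(pending, packet, src, dport):
    """Accept a reply only if every field ties it to the outstanding query."""
    if len(packet) < 12:
        return False
    txid, flags, qdcount = struct.unpack_from("!HHH", packet, 0)
    try:
        question = parse_question(packet)
    except (IndexError, ValueError, struct.error):
        return False
    return (bool(flags & 0x8000)            # QR bit: this is a response
            and txid == pending["txid"]     # matches the ID we generated
            and src == pending["server"]    # came from the server we asked
            and dport == pending["sport"]   # arrived on the port we sent from
            and qdcount == 1
            and question == pending["question"])
```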

Fix

RCE


Weakness Enumeration

Related Identifiers

CVE-2010-2952

Affected Products

Apache Traffic Server