PT-2020-3648 · Apache · Apache Traffic Server

Published: 2020-03-23 · Updated: 2022-10-06 · CVE-2019-17559

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Apache Traffic Server versions 6.0.0 through 6.2.3
Apache Traffic Server versions 7.0.0 through 7.1.8
Apache Traffic Server versions 8.0.0 through 8.0.5

Description

The issue is related to inconsistent interpretation of HTTP requests, which can be exploited by a remote attacker to gain access to confidential data, compromise data integrity, and cause a denial of service. It involves a smuggling attack and scheme parsing.

Recommendations

For versions 6.0.0 through 6.2.3, upgrade to version 7.1.9 or later.
For versions 7.0.0 through 7.1.8, upgrade to version 7.1.9 or later.
For versions 8.0.0 through 8.0.5, upgrade to version 8.0.6 or later.

Fix

HTTP Request/Response Smuggling


Weakness Enumeration

Related Identifiers

BDU:2020-03996
CVE-2019-17559
DSA-4672-1

Affected Products

Apache Traffic Server