PT-2020-5807 · Apache · Apache Traffic Server

Published: 2020-08-12 · Updated: 2021-07-21 · CVE-2020-17508

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions:
Apache Traffic Server versions 6.0.0 through 6.2.3
Apache Traffic Server versions 7.0.0 through 7.1.11
Apache Traffic Server versions 8.0.0 through 8.1.0
Description: The ATS ESI plugin has a memory disclosure issue, allowing a remote attacker to access confidential data. If you are running the plugin, an upgrade is recommended.
Recommendations: For Apache Traffic Server versions 6.0.0 through 6.2.3, upgrade to a version later than 6.2.3. For Apache Traffic Server versions 7.0.0 through 7.1.11, upgrade to version 7.1.12 or later. For Apache Traffic Server versions 8.0.0 through 8.1.0, upgrade to version 8.1.1 or later.

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

BDU:2021-01773
CVE-2020-17508
DSA-4805-1

Affected Products

Apache Traffic Server