Improper Input Validation vulnerability in handling the Transfer-Encoding header of Apache Traffic Server allows an attacker to poison the cache. This issue affects Apache Traffic Server 8.0.0 to 9.0.2.
References
| Link | Resource |
|---|---|
| https://lists.apache.org/thread/rc64lwbdgrkv674koc3zl1sljr9vwg21 | Mailing List Vendor Advisory |
| https://lists.debian.org/debian-lts-announce/2023/04/msg00007.html | |
| https://www.debian.org/security/2022/dsa-5206 | Third Party Advisory |
Configurations
History
26 Oct 2022, 03:06
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* | |
| References | (DEBIAN) https://www.debian.org/security/2022/dsa-5206 - Third Party Advisory |
13 Aug 2022, 03:15
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
12 Aug 2022, 17:56
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
| CPE | cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:* | |
| References | (CONFIRM) https://lists.apache.org/thread/rc64lwbdgrkv674koc3zl1sljr9vwg21 - Mailing List, Vendor Advisory | |
| CWE | CWE-20 |
10 Aug 2022, 20:15
| Type | Values Removed | Values Added |
|---|---|---|
| Summary | Improper Input Validation vulnerability in handling the Transfer-Encoding header of Apache Traffic Server allows an attacker to poison the cache. This issue affects Apache Traffic Server 8.0.0 to 9.0.2. |
10 Aug 2022, 06:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2022-08-10 06:15
Updated : 2024-02-04 22:51
NVD link : CVE-2022-31778
Mitre link : CVE-2022-31778
CVE.ORG link : CVE-2022-31778
JSON object : View
Products Affected
debian
- debian_linux
apache
- traffic_server
CWE
CWE-20
Improper Input Validation