Lucene search

[email protected]CVE-2017-7671

HistoryFeb 27, 2018 - 8:29 p.m.

CVE-2017-7671

2018-02-2720:29:00

CWE-20

[email protected]

web.nvd.nist.gov

apache traffic server

dos attack

tls handshake

coredump

cve-2017-7671

nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.3 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

46.8%

JSON

There is a DOS attack vulnerability in Apache Traffic Server (ATS) 5.2.0 to 5.3.2, 6.0.0 to 6.2.0, and 7.0.0 with the TLS handshake. This issue can cause the server to coredump.

Affected configurations

Vulners

NVD

Node

apachetraffic_serverRange5.2.0–5.3.2

apachetraffic_serverRange6.0.0–6.2.0

apachetraffic_serverRange≤7.0.0

CPENameOperatorVersion
apache:traffic_serverapache traffic serverle5.3.2
apache:traffic_serverapache traffic serverle6.2.0
apache:traffic_serverapache traffic servereq7.0.0

CPE	Name	Operator	Version
apache:traffic_server	apache traffic server	le	5.3.2
apache:traffic_server	apache traffic server	le	6.2.0
apache:traffic_server	apache traffic server	eq	7.0.0

CNA Affected

[
  {
    "product": "Apache Traffic Server",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "status": "affected",
        "version": "5.2.0 to 5.3.2"
      },
      {
        "status": "affected",
        "version": "6.0.0 to 6.2.0"
      },
      {
        "status": "affected",
        "version": "7.0.0"
      }
    ]
  }
]