Unspecified vulnerability in the HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.2 has unknown impact and attack vectors, a different vulnerability than CVE-2015-5206.
{"cve": [{"lastseen": "2022-03-23T12:53:53", "description": "Unspecified vulnerability in the HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.2 has unknown impact and attack vectors, a different vulnerability than CVE-2015-5206.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-09-13T16:29:00", "type": "cve", "title": "CVE-2015-5168", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5168", "CVE-2015-5206"], "modified": "2017-09-21T18:40:00", "cpe": ["cpe:/a:apache:traffic_server:5.3.0", "cpe:/a:apache:traffic_server:5.3.1"], "id": "CVE-2015-5168", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5168", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:apache:traffic_server:5.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:traffic_server:5.3.1:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:54:38", "description": "Unspecified vulnerability in the HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.2 has unknown impact and attack vectors, a different vulnerability than 
CVE-2015-5168.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-09-13T16:29:00", "type": "cve", "title": "CVE-2015-5206", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5168", "CVE-2015-5206"], "modified": "2017-09-21T18:39:00", "cpe": ["cpe:/a:apache:traffic_server:5.3.0", "cpe:/a:apache:traffic_server:5.3.1"], "id": "CVE-2015-5206", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5206", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:apache:traffic_server:5.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:traffic_server:5.3.1:*:*:*:*:*:*:*"]}], "nessus": [{"lastseen": "2021-08-19T12:44:04", "description": "According to its banner, the version of Apache Traffic Server running on the remote host is 5.3.x prior to 5.3.2. It is, therefore, affected by multiple vulnerabilities related to improper handling of HTTP/2 requests. An attacker can exploit these vulnerabilities to have an unspecified impact. 
No further details are available.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2015-12-08T00:00:00", "type": "nessus", "title": "Apache Traffic Server 5.3.x < 5.3.2 HTTP2 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5168", "CVE-2015-5206"], "modified": "2019-11-22T00:00:00", "cpe": ["cpe:/a:apache:traffic_server"], "id": "APACHE_TRAFFIC_SERVER_532.NASL", "href": "https://www.tenable.com/plugins/nessus/87241", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87241);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/11/22\");\n\n script_cve_id(\"CVE-2015-5168\", \"CVE-2015-5206\");\n\n script_name(english:\"Apache Traffic Server 5.3.x < 5.3.2 HTTP2 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of Apache Traffic Server.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote caching server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of Apache Traffic Server running\non the remote host is 5.3.x prior to 5.3.2. It is, therefore, affected\nby multiple vulnerabilities related to improper handling of HTTP/2\nrequests. An attacker can exploit these vulnerabilities to have an\nunspecified impact. 
No further details are available.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n # http://mail-archives.us.apache.org/mod_mbox/www-announce/201509.mbox/%3CCABF6JR2j5vesvnjbm6sDPB_zAGj3kNgzzHEpLUh6dWG6t8mC2w@mail.gmail.com%3E\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c4d47415\");\n # https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12327092&projectId=12310963\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b450befb\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apache Traffic Server version 5.3.2 or later.\nAlternatively, disable HTTP/2 support.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-5206\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/09/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:traffic_server\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"apache_traffic_server_version.nasl\", \"npn_protocol_enumeration.nasl\");\n script_require_keys(\"www/apache_traffic_server\");\n script_require_ports(\"Services/www\", 8080);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\napp = 'Apache Traffic Server';\nport = get_http_port(default:8080);\n\n# Make sure this is Apache Traffic Server\nget_kb_item_or_exit('www/'+port+'/apache_traffic_server');\n\n# Check if we could get a version\nversion = get_kb_item_or_exit('www/'+port+'/apache_traffic_server/version', exit_code:1);\nsource = get_kb_item_or_exit('www/'+port+'/apache_traffic_server/source', exit_code:1);\n\n# Currently ATS only supports NPN, not ALPN and does not support h2c\nnpnprotos = get_kb_list('SSL/NPN/'+port);\nhttp2sup = FALSE;\nforeach proto (npnprotos)\n{\n if(proto =~ '^h2')\n {\n http2sup = TRUE;\n break;\n }\n}\nif(!http2sup)\n exit(0, \"The instance of \"+app+\" listening on port \"+port+\" does not appear to support HTTP/2 via SSL with the NPN extension.\");\n\nver = split(version, sep:'.');\nfor (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\n#Versions 5.3.0 and 5.3.1 are vulnerable\nif (\n (ver[0] == 5 && ver[1] == 3 && ver[2] == 0) ||\n (ver[0] == 5 && ver[1] == 3 && ver[2] == 1)\n)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Version source : ' + source +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 5.3.2' +\n '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, app, port, version);\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:43:14", "description": "Apache Traffic Server, an open source caching server, is installed on the remote host.\n\nApache Traffic Server versions 5.3.x prior to 5.3.2 are affected by multiple vulnerabilities related to 
improper handling of HTTP/2 requests. An attacker can exploit these vulnerabilities to have an unspecified impact. No further details are available.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-02-05T00:00:00", "type": "nessus", "title": "Apache Traffic Server 5.3.x < 5.3.2 HTTP2 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5168", "CVE-2015-5206"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*"], "id": "9071.PRM", "href": "https://www.tenable.com/plugins/nnm/9071", "sourceData": "Binary data 9071.prm", "cvss": {"score": 10, "vector": "CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "debiancve": [{"lastseen": "2022-06-29T15:44:38", "description": "Unspecified vulnerability in the HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.2 has unknown impact and attack vectors, a different vulnerability than CVE-2015-5168.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-09-13T16:29:00", "type": "debiancve", "title": "CVE-2015-5206", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, 
"obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5168", "CVE-2015-5206"], "modified": "2017-09-13T16:29:00", "id": "DEBIANCVE:CVE-2015-5206", "href": "https://security-tracker.debian.org/tracker/CVE-2015-5206", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-05-29T18:34:51", "description": "This host is installed with Apache Traffic Server\n and is prone to multiple unspecified vulnerabilities.", "cvss3": {}, "published": "2017-10-05T00:00:00", "type": "openvas", "title": "Apache Traffic Server 'HTTP/2' Multiple Unspecified Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5168", "CVE-2015-5206"], "modified": "2018-10-19T00:00:00", "id": "OPENVAS:1361412562310811852", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811852", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_apache_ts_http2_feature_mult_unspec_vuln.nasl 11983 2018-10-19 10:04:45Z mmartin $\n#\n# Apache Traffic Server 'HTTP/2' Multiple Unspecified Vulnerabilities\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apache:traffic_server\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811852\");\n script_version(\"$Revision: 11983 $\");\n script_cve_id(\"CVE-2015-5206\", \"CVE-2015-5168\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-19 12:04:45 +0200 (Fri, 19 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-10-05 13:01:42 +0530 (Thu, 05 Oct 2017)\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_name(\"Apache Traffic Server 'HTTP/2' Multiple Unspecified Vulnerabilities\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apache Traffic Server\n and is prone to multiple unspecified vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to multiple unspecified\n errors in 'HTTP/2 experimental feature'.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to cause unknown impacts on the target system.\");\n\n script_tag(name:\"affected\", value:\"Apache Traffic Server versions 5.3.x before 5.3.2\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apache Traffic Server version\n 5.3.2 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", 
value:\"http://mail-archives.us.apache.org/mod_mbox/www-announce/201509.mbox/%3CCABF6JR2j5vesvnjbm6sDPB_zAGj3kNgzzHEpLUh6dWG6t8mC2w@mail.gmail.com%3E\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_apache_traffic_detect.nasl\");\n script_mandatory_keys(\"apache_trafficserver/installed\");\n script_xref(name:\"URL\", value:\"http://trafficserver.apache.org\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!trPort = get_app_port(cpe:CPE)){\n exit(0);\n}\n\nif(!trVer = get_app_version(cpe:CPE, port:trPort)){\n exit(0);\n}\n\nif (trVer == \"5.3.0\" || trVer == \"5.3.1\")\n{\n report = report_fixed_ver(installed_version:trVer, fixed_version:\"5.3.2\");\n security_message(data:report, port:trPort);\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntucve": [{"lastseen": "2021-11-22T21:40:21", "description": "Unspecified vulnerability in the HTTP/2 experimental feature in Apache\nTraffic Server 5.3.x before 5.3.2 has unknown impact and attack\nvectors, a different vulnerability than CVE-2015-5168.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-09-13T00:00:00", "type": "ubuntucve", "title": "CVE-2015-5206", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", 
"availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5206"], "modified": "2017-09-13T00:00:00", "id": "UB:CVE-2015-5206", "href": "https://ubuntu.com/security/CVE-2015-5206", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-11-22T21:40:22", "description": "Unspecified vulnerability in the HTTP/2 experimental feature in Apache\nTraffic Server 5.3.x before 5.3.2 has unknown impact and attack vectors, a\ndifferent vulnerability than CVE-2015-5206.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-09-13T00:00:00", "type": "ubuntucve", "title": "CVE-2015-5168", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5168"], "modified": "2017-09-13T00:00:00", "id": "UB:CVE-2015-5168", "href": "https://ubuntu.com/security/CVE-2015-5168", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}