Lucene search

[email protected]NVD:CVE-2022-31779

HistoryAug 10, 2022 - 6:15 a.m.

CVE-2022-31779

2022-08-1006:15:08

CWE-20

[email protected]

web.nvd.nist.gov

cve-2022-31779

http/2 header parsing

apache traffic server 8.0.0 to 9.1.2

request smuggling

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

0.003 Low

EPSS

Percentile

68.0%

JSON

Improper Input Validation vulnerability in HTTP/2 header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 9.1.2.

Affected configurations

NVD

Node

apachetraffic_serverRange8.0.0–8.1.4

apachetraffic_serverRange9.0.0–9.1.2

Node

debiandebian_linuxMatch11.0

Node

fedoraprojectfedoraMatch35

fedoraprojectfedoraMatch36

References

lists.apache.org/thread/rc64lwbdgrkv674koc3zl1sljr9vwg21

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CJ67IWD5PRJUOIYIDJRUG3UMS2UF4X4J/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZCSBQBYPOZSWS5LCOAQ6LJLRLXFIAW5A/

www.debian.org/security/2022/dsa-5206

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

0.003 Low

EPSS

Percentile

68.0%

JSON

Related for NVD:CVE-2022-31779

prion1 debiancve1 cnvd1 cvelist1 ubuntucve1 veracode1 cve1 osv3 openvas5 debian2 nessus2 fedora2