6.8 Medium
AI Score
Confidence
Low
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.001 Low
EPSS
Percentile
44.0%
Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.
CPE | Name | Operator | Version |
---|---|---|---|
traffic_server | eq | 2.1.1 | |
traffic_server | eq | 2.1.0 | |
traffic_server | le | 2.0.0 |
secunia.com/advisories/41356
securitytracker.com/id?1024417
trafficserver.apache.org/
www.nth-dimension.org.uk/pub/NDSA20100830.txt.asc
www.securityfocus.com/archive/1/513598/100/0/threaded
www.securityfocus.com/bid/43111
exchange.xforce.ibmcloud.com/vulnerabilities/61721
issues.apache.org/jira/browse/TS-425