apache/trafficserver is vulnerable to cache poisoning. Insufficient validation of user inputs allow a remote attacker to send specially crafted data to the proxy server and poison negative server’s cache.
CPE | Name | Operator | Version |
---|---|---|---|
trafficserver:sid | eq | 8.1.0+ds-2 | |
trafficserver:buster | eq | 8.0.2+ds-1+deb10u3 |
lists.apache.org/thread.html/raa9f0589c26c4d146646425e51e2a33e1457492df9f7ea2019daa6d3%40%3Cannounce.trafficserver.apache.org%3E
lists.apache.org/thread.html/raa9f0589c26c4d146646425e51e2a33e1457492df9f7ea2019daa6d3%40%3Cdev.trafficserver.apache.org%3E
security-tracker.debian.org/tracker/CVE-2020-17509