trafficserver is vulnerable to information disclosure. The ATS ESI plugin allows an attacker to obtain confidential information.
CPE | Name | Operator | Version |
---|---|---|---|
trafficserver:sid | eq | 8.1.0+ds-2 | |
trafficserver:buster | eq | 8.0.2+ds-1+deb10u3 |
lists.apache.org/thread.html/r65434f7acca3aebf81b0588587149c893fe9f8f9f159eaa7364a70ff%40%3Cannounce.trafficserver.apache.org%3E
lists.apache.org/thread.html/r65434f7acca3aebf81b0588587149c893fe9f8f9f159eaa7364a70ff%40%3Cdev.trafficserver.apache.org%3E
security-tracker.debian.org/tracker/CVE-2020-17508