Executive Summary

Summary
Titletrafficserver security update
Informations
NameDSA-4520First vendor Publication2019-09-09
VendorDebianLast vendor Modification2019-09-09
Severity (Vendor) N/ARevision1

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Cvss Base Score7.8Attack RangeNetwork
Cvss Impact Score6.9Attack ComplexityLow
Cvss Expoit Score10AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Several vulnerabilities were discovered in the HTTP/2 code of Apache Traffic Server, a reverse and forward proxy server, which could result in denial of service.

The fixes are too intrusive to backport to the version in the oldstable distribution (stretch). An upgrade to Debian stable (buster) is recommended instead.

For the stable distribution (buster), these problems have been fixed in version 8.0.2+ds-1+deb10u1.

We recommend that you upgrade your trafficserver packages.

For the detailed security status of trafficserver please refer to its security tracker page at: https://security-tracker.debian.org/tracker/trafficserver

Original Source

Url : http://www.debian.org/security/2019/dsa-4520

CWE : Common Weakness Enumeration

%idName
100 %CWE-400Uncontrolled Resource Consumption ('Resource Exhaustion')

CPE : Common Platform Enumeration

TypeDescriptionCount
Application41
Application11
Os20
Os39
Os1

Alert History

If you want to see full details history, please login or register.
0
DateInformations
2019-09-10 00:18:33
  • First insertion