← Back

CVE-2022-31779

nvd nist
Published: Aug 10, 2022Modified: Nov 21, 2024

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

Improper Input Validation vulnerability in HTTP/2 header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 9.1.2.

Affected (5)

Apache
1 product
Traffic Server
Debian
1 product
Debian Linux
Fedoraproject
1 product
Fedora
Configuration A
2 vulnerable
Vulnerable SoftwareAffected Versions
Apache
Traffic Server
From 8.0.0 to 8.1.4
Traffic Server
From 9.0.0 to 9.1.2
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Debian Linux
Version 11.0
Configuration C
2 vulnerable
Vulnerable SoftwareAffected Versions
Fedoraproject
Fedora
Version 35
Fedora
Version 36

Related CWEs

CWE-20
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (8)

Source: security@apache.org
Mailing ListVendor Advisory
Source: security@apache.org
Mailing ListThird Party Advisory
Source: security@apache.org
Mailing ListThird Party Advisory
Source: security@apache.org
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.