CVE-2022-40743

Published: Dec 19, 2022Modified: Apr 17, 2025

6.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

Improper Input Validation vulnerability for the xdebug plugin in Apache Software Foundation Apache Traffic Server can lead to cross site scripting and cache poisoning attacks.This issue affects Apache Traffic Server: 9.0.0 to 9.1.3. Users should upgrade to 9.1.4 or later versions.

Affected (2)

Products: Apache: Traffic Server

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Apache Traffic Server	From 8.0.0 to 8.1.5
Apache Traffic Server	From 9.0.0 to 9.1.3

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (2)

https://lists.apache.org/thread/mrj2lg4s0hf027rk7gz8t7hbn9xpfg02

Source: security@apache.org

Mailing ListVendor Advisory

https://lists.apache.org/thread/mrj2lg4s0hf027rk7gz8t7hbn9xpfg02

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListVendor Advisory

Timeline

No history available yet.