CVE-2023-30631

Published: Jun 14, 2023Modified: Feb 13, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server. The configuration option proxy.config.http.push_method_enabled didn't function. However, by default the PUSH method is blocked in the ip_allow configuration file.This issue affects Apache Traffic Server: from 8.0.0 through 9.2.0. 8.x users should upgrade to 8.1.7 or later versions 9.x users should upgrade to 9.2.1 or later versions

Affected (7)

Products: Apache: Traffic Server · Debian: Debian Linux · Fedoraproject: Fedora

1 product

1 product

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Apache Traffic Server	From 8.0.0 to 8.1.7
Apache Traffic Server	From 9.0.0 to 9.2.1

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 10.0
Debian Debian Linux	Version 11.0
Debian Debian Linux	Version 12.0

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 37
Fedoraproject Fedora	Version 38

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (10)

https://lists.apache.org/thread/tns2b4khyyncgs5v5p9y35pobg9z2bvs

Source: security@apache.org

Mailing ListVendor Advisory

https://lists.debian.org/debian-lts-announce/2023/06/msg00037.html

Source: security@apache.org

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6GDCBNFDDW6ULW7CACJCPENI7BVDHM5O/

Source: security@apache.org

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FGWXNAEEVRUZ5JG4EJAIIFC3CI7LFETV/

Source: security@apache.org

Mailing List

https://www.debian.org/security/2023/dsa-5435

Source: security@apache.org

Third Party Advisory

https://lists.apache.org/thread/tns2b4khyyncgs5v5p9y35pobg9z2bvs

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListVendor Advisory

https://lists.debian.org/debian-lts-announce/2023/06/msg00037.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6GDCBNFDDW6ULW7CACJCPENI7BVDHM5O/

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FGWXNAEEVRUZ5JG4EJAIIFC3CI7LFETV/

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List

https://www.debian.org/security/2023/dsa-5435

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.