4.3

CVE-2010-2952

Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheTraffic Server Version <= 2.0.0
ApacheTraffic Server Version2.1.0
ApacheTraffic Server Version2.1.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.61% 0.834
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://secunia.com/advisories/41356
Vendor Advisory
http://securitytracker.com/id?1024417
http://trafficserver.apache.org/
http://www.nth-dimension.org.uk/pub/NDSA20100830.txt.asc
http://www.securityfocus.com/archive/1/513598/100/0/threaded
http://www.securityfocus.com/bid/43111
https://exchange.xforce.ibmcloud.com/vulnerabilities/61721
https://issues.apache.org/jira/browse/TS-425