CVE-2010-2952

EPSS 1.21%
Veröffentlicht 13.09.2010 21:00:28
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 11

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apache ≫ Traffic Server Version <= 2.0.0

Apache ≫ Traffic Server Version2.1.0

Apache ≫ Traffic Server Version2.1.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.21%	0.77

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://secunia.com/advisories/41356

Vendor Advisory

http://securitytracker.com/id?1024417

http://trafficserver.apache.org/

http://www.nth-dimension.org.uk/pub/NDSA20100830.txt.asc

http://www.securityfocus.com/archive/1/513598/100/0/threaded

http://www.securityfocus.com/bid/43111

https://exchange.xforce.ibmcloud.com/vulnerabilities/61721

https://issues.apache.org/jira/browse/TS-425

https://nvd.nist.gov/vuln/detail/CVE-2010-2952

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2010-2952

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2010-2952

EUVD