7.5
CVE-2023-30631
- EPSS 0.54%
- Published 14.06.2023 08:15:09
- Last modified 13.02.2025 17:16:25
- Source security@apache.org
- Teams watchlist Login
- Open Login
Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server. The configuration option proxy.config.http.push_method_enabled didn't function. However, by default the PUSH method is blocked in the ip_allow configuration file.This issue affects Apache Traffic Server: from 8.0.0 through 9.2.0. 8.x users should upgrade to 8.1.7 or later versions 9.x users should upgrade to 9.2.1 or later versions
Data is provided by the National Vulnerability Database (NVD)
Apache ≫ Traffic Server Version >= 8.0.0 < 8.1.7
Apache ≫ Traffic Server Version >= 9.0.0 < 9.2.1
Debian ≫ Debian Linux Version10.0
Debian ≫ Debian Linux Version11.0
Debian ≫ Debian Linux Version12.0
Fedoraproject ≫ Fedora Version37
Fedoraproject ≫ Fedora Version38
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.54% | 0.67 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.