CVE-2014-10022
Low
Low
Medium
High
Critical
CVSS Score
Vulnerability Description
Apache Traffic Server before 5.1.2 allows remote attackers to cause a denial of service via unspecified vectors, related to internal buffer sizing.
Known Affected Software
49 configuration(s) from 1 vendor(s)
traffic_server
Version:
5.0.1
CPE:
cpe:2.3:a:apache:traffic_server:5.0.1:*:*:*:*:*:*:*
traffic_server
Version:
2.1.9
CPE:
cpe:2.3:a:apache:traffic_server:2.1.9:*:*:*:*:*:*:*
traffic_server
Version:
2.1.5
CPE:
cpe:2.3:a:apache:traffic_server:2.1.5:*:*:*:*:*:*:*
traffic_server
Version:
4.2.0
CPE:
cpe:2.3:a:apache:traffic_server:4.2.0:*:*:*:*:*:*:*
traffic_server
Version:
3.1.2
CPE:
cpe:2.3:a:apache:traffic_server:3.1.2:*:*:*:*:*:*:*
traffic_server
Version:
3.2.4
CPE:
cpe:2.3:a:apache:traffic_server:3.2.4:*:*:*:*:*:*:*
traffic_server
Version:
2.1.7
CPE:
cpe:2.3:a:apache:traffic_server:2.1.7:*:*:*:*:*:*:*
traffic_server
Version:
5.1.1
CPE:
cpe:2.3:a:apache:traffic_server:5.1.1:*:*:*:*:*:*:*
traffic_server
Version:
2.0.1
CPE:
cpe:2.3:a:apache:traffic_server:2.0.1:*:*:*:*:*:*:*
traffic_server
Version:
4.0.0
CPE:
cpe:2.3:a:apache:traffic_server:4.0.0:*:*:*:*:*:*:*
traffic_server
Version:
2.1.1
CPE:
cpe:2.3:a:apache:traffic_server:2.1.1:*:*:*:*:*:*:*
traffic_server
Version:
3.0.1
CPE:
cpe:2.3:a:apache:traffic_server:3.0.1:*:*:*:*:*:*:*
traffic_server
Version:
3.3.4
CPE:
cpe:2.3:a:apache:traffic_server:3.3.4:*:*:*:*:*:*:*
traffic_server
Version:
2.1.6
CPE:
cpe:2.3:a:apache:traffic_server:2.1.6:*:*:*:*:*:*:*
traffic_server
Version:
4.2.2
CPE:
cpe:2.3:a:apache:traffic_server:4.2.2:*:*:*:*:*:*:*
traffic_server
Version:
3.0.0
CPE:
cpe:2.3:a:apache:traffic_server:3.0.0:*:*:*:*:*:*:*
traffic_server
Version:
5.0.0
CPE:
cpe:2.3:a:apache:traffic_server:5.0.0:*:*:*:*:*:*:*
traffic_server
Version:
2.1.8
CPE:
cpe:2.3:a:apache:traffic_server:2.1.8:*:*:*:*:*:*:*
traffic_server
Version:
2.1.4
CPE:
cpe:2.3:a:apache:traffic_server:2.1.4:*:*:*:*:*:*:*
traffic_server
Version:
3.2.2
CPE:
cpe:2.3:a:apache:traffic_server:3.2.2:*:*:*:*:*:*:*
traffic_server
Version:
3.3.5
CPE:
cpe:2.3:a:apache:traffic_server:3.3.5:*:*:*:*:*:*:*
traffic_server
Version:
2.1.2
CPE:
cpe:2.3:a:apache:traffic_server:2.1.2:*:*:*:*:*:*:*
traffic_server
Version:
3.0.4
CPE:
cpe:2.3:a:apache:traffic_server:3.0.4:*:*:*:*:*:*:*
traffic_server
Version:
2.1.3
CPE:
cpe:2.3:a:apache:traffic_server:2.1.3:*:*:*:*:*:*:*
traffic_server
Version:
3.1.3
CPE:
cpe:2.3:a:apache:traffic_server:3.1.3:*:*:*:*:*:*:*
traffic_server
Version:
3.1.1
CPE:
cpe:2.3:a:apache:traffic_server:3.1.1:*:*:*:*:*:*:*
traffic_server
Version:
3.2.5
CPE:
cpe:2.3:a:apache:traffic_server:3.2.5:*:*:*:*:*:*:*
traffic_server
Version:
4.1.0
CPE:
cpe:2.3:a:apache:traffic_server:4.1.0:*:*:*:*:*:*:*
traffic_server
Version:
3.0.2
CPE:
cpe:2.3:a:apache:traffic_server:3.0.2:*:*:*:*:*:*:*
traffic_server
Version:
2.0.0
CPE:
cpe:2.3:a:apache:traffic_server:2.0.0:alpha:*:*:*:*:*:*
traffic_server
Version:
4.1.1
CPE:
cpe:2.3:a:apache:traffic_server:4.1.1:*:*:*:*:*:*:*
traffic_server
Version:
3.2.0
CPE:
cpe:2.3:a:apache:traffic_server:3.2.0:*:*:*:*:*:*:*
traffic_server
Version:
3.1.4
CPE:
cpe:2.3:a:apache:traffic_server:3.1.4:*:*:*:*:*:*:*
traffic_server
Version:
3.3.1
CPE:
cpe:2.3:a:apache:traffic_server:3.3.1:*:*:*:*:*:*:*
traffic_server
Version:
3.3.0
CPE:
cpe:2.3:a:apache:traffic_server:3.3.0:*:*:*:*:*:*:*
traffic_server
Version:
5.1.0
CPE:
cpe:2.3:a:apache:traffic_server:5.1.0:*:*:*:*:*:*:*
traffic_server
Version:
4.2.3
CPE:
cpe:2.3:a:apache:traffic_server:4.2.3:*:*:*:*:*:*:*
traffic_server
Version:
3.1.0
CPE:
cpe:2.3:a:apache:traffic_server:3.1.0:*:*:*:*:*:*:*
traffic_server
Version:
3.3.2
CPE:
cpe:2.3:a:apache:traffic_server:3.3.2:*:*:*:*:*:*:*
traffic_server
Version:
3.2.1
CPE:
cpe:2.3:a:apache:traffic_server:3.2.1:*:*:*:*:*:*:*
traffic_server
Version:
3.0.3
CPE:
cpe:2.3:a:apache:traffic_server:3.0.3:*:*:*:*:*:*:*
traffic_server
Version:
4.2.1
CPE:
cpe:2.3:a:apache:traffic_server:4.2.1:*:*:*:*:*:*:*
traffic_server
Version:
2.1.0
CPE:
cpe:2.3:a:apache:traffic_server:2.1.0:*:*:*:*:*:*:*
traffic_server
Version:
4.0.2
CPE:
cpe:2.3:a:apache:traffic_server:4.0.2:*:*:*:*:*:*:*
traffic_server
Version:
4.2.1.1
CPE:
cpe:2.3:a:apache:traffic_server:4.2.1.1:*:*:*:*:*:*:*
traffic_server
Version:
3.3.3
CPE:
cpe:2.3:a:apache:traffic_server:3.3.3:*:*:*:*:*:*:*
traffic_server
Version:
4.0.1
CPE:
cpe:2.3:a:apache:traffic_server:4.0.1:*:*:*:*:*:*:*
traffic_server
Version:
3.0.5
CPE:
cpe:2.3:a:apache:traffic_server:3.0.5:*:*:*:*:*:*:*
traffic_server
Version:
4.1.2
CPE:
cpe:2.3:a:apache:traffic_server:4.1.2:*:*:*:*:*:*:*
This vulnerability affects 49 software configuration(s). Ensure you patch all affected systems.
References & Resources
-
http://mail-archives.apache.org/mod_mbox/trafficserver-users/201412.mbox/browsercve@mitre.org
-
http://www.securitytracker.com/id/1031499cve@mitre.org
-
https://issues.apache.org/jira/browse/TS-3223cve@mitre.org
-
http://mail-archives.apache.org/mod_mbox/trafficserver-users/201412.mbox/browseraf854a3a-2127-422b-91ae-364da2661108
-
http://www.securitytracker.com/id/1031499af854a3a-2127-422b-91ae-364da2661108
-
https://issues.apache.org/jira/browse/TS-3223af854a3a-2127-422b-91ae-364da2661108
Severity Details
out of 10.0
Low
Weakness Type (CWE)
CWE-119
Top 25 #17
Improper Restriction of Operations within the Bounds of a Memory Buffer
- Description
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to…
- Exploit Likelihood
- High
- Typical Severity
- High
- Abstraction Level
- Class
Key Information
- Published Date
- January 13, 2015
