CVE-2014-3624
Low
CVSS Score
Vulnerability Description
Apache Traffic Server 5.1.x before 5.1.1 allows remote attackers to bypass access restrictions by leveraging failure to properly tunnel remap requests using CONNECT.
Known Affected Software
1 configuration from 1 vendor
traffic_server
Version: 5.1.0
CPE: cpe:2.3:a:apache:traffic_server:5.1.0:*:*:*:*:*:*:*
This vulnerability affects 1 software configuration. Ensure you patch all affected systems.
References & Resources
- http://mail-archives.apache.org/mod_mbox/www-announce/201411.mbox/%3C20141101231749.2E3561043F%40minotaur.apache.org%3E (sources: secalert@redhat.com, af854a3a-2127-422b-91ae-364da2661108)
- http://www.securityfocus.com/bid/101630 (Third Party Advisory, VDB Entry; sources: secalert@redhat.com, af854a3a-2127-422b-91ae-364da2661108)
- https://issues.apache.org/jira/browse/TS-2677 (Issue Tracking, Patch, Vendor Advisory; sources: secalert@redhat.com, af854a3a-2127-422b-91ae-364da2661108)
Severity Details
out of 10.0
Low
Weakness Type (CWE)
CWE-284
Improper Access Control
- Description: The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
- Typical Severity: Medium
- Abstraction Level: Pillar
Key Information
- Published Date: October 30, 2017
