CVE-2017-5659
Low
CVSS Score
Vulnerability Description
Apache Traffic Server before 6.2.1 generates a coredump when there is a mismatch between content length and chunked encoding.
Known Affected Software
60 configuration(s) from 1 vendor(s)
- traffic_server, Version: 5.0.1, CPE: cpe:2.3:a:apache:traffic_server:5.0.1:*:*:*:*:*:*:*
- traffic_server, Version: 5.2.0, CPE: cpe:2.3:a:apache:traffic_server:5.2.0:*:*:*:*:*:*:*
- traffic_server, Version: 2.1.9, CPE: cpe:2.3:a:apache:traffic_server:2.1.9:*:*:*:*:*:*:*
- traffic_server, Version: 2.1.5, CPE: cpe:2.3:a:apache:traffic_server:2.1.5:*:*:*:*:*:*:*
- traffic_server, Version: 4.2.0, CPE: cpe:2.3:a:apache:traffic_server:4.2.0:*:*:*:*:*:*:*
- traffic_server, Version: 3.1.2, CPE: cpe:2.3:a:apache:traffic_server:3.1.2:*:*:*:*:*:*:*
- traffic_server, Version: 3.2.4, CPE: cpe:2.3:a:apache:traffic_server:3.2.4:*:*:*:*:*:*:*
- traffic_server, Version: 6.0.0, CPE: cpe:2.3:a:apache:traffic_server:6.0.0:*:*:*:*:*:*:*
- traffic_server, Version: 2.1.7, CPE: cpe:2.3:a:apache:traffic_server:2.1.7:*:*:*:*:*:*:*
- traffic_server, Version: 6.0.3, CPE: cpe:2.3:a:apache:traffic_server:6.0.3:*:*:*:*:*:*:*
- traffic_server, Version: 5.1.1, CPE: cpe:2.3:a:apache:traffic_server:5.1.1:*:*:*:*:*:*:*
- traffic_server, Version: 2.0.1, CPE: cpe:2.3:a:apache:traffic_server:2.0.1:*:*:*:*:*:*:*
- traffic_server, Version: 4.0.0, CPE: cpe:2.3:a:apache:traffic_server:4.0.0:*:*:*:*:*:*:*
- traffic_server, Version: 2.1.1, CPE: cpe:2.3:a:apache:traffic_server:2.1.1:*:*:*:*:*:*:*
- traffic_server, Version: 3.0.1, CPE: cpe:2.3:a:apache:traffic_server:3.0.1:*:*:*:*:*:*:*
- traffic_server, Version: 3.3.4, CPE: cpe:2.3:a:apache:traffic_server:3.3.4:*:*:*:*:*:*:*
- traffic_server, Version: 5.2.1, CPE: cpe:2.3:a:apache:traffic_server:5.2.1:*:*:*:*:*:*:*
- traffic_server, Version: 6.2.0, CPE: cpe:2.3:a:apache:traffic_server:6.2.0:*:*:*:*:*:*:*
- traffic_server, Version: 5.3.0, CPE: cpe:2.3:a:apache:traffic_server:5.3.0:*:*:*:*:*:*:*
- traffic_server, Version: 5.3.1, CPE: cpe:2.3:a:apache:traffic_server:5.3.1:*:*:*:*:*:*:*
- traffic_server, Version: 2.1.6, CPE: cpe:2.3:a:apache:traffic_server:2.1.6:*:*:*:*:*:*:*
- traffic_server, Version: 4.2.2, CPE: cpe:2.3:a:apache:traffic_server:4.2.2:*:*:*:*:*:*:*
- traffic_server, Version: 5.3.2, CPE: cpe:2.3:a:apache:traffic_server:5.3.2:*:*:*:*:*:*:*
- traffic_server, Version: 3.0.0, CPE: cpe:2.3:a:apache:traffic_server:3.0.0:*:*:*:*:*:*:*
- traffic_server, Version: 5.0.0, CPE: cpe:2.3:a:apache:traffic_server:5.0.0:*:*:*:*:*:*:*
- traffic_server, Version: 2.1.8, CPE: cpe:2.3:a:apache:traffic_server:2.1.8:*:*:*:*:*:*:*
- traffic_server, Version: 2.1.4, CPE: cpe:2.3:a:apache:traffic_server:2.1.4:*:*:*:*:*:*:*
- traffic_server, Version: 6.1.0, CPE: cpe:2.3:a:apache:traffic_server:6.1.0:*:*:*:*:*:*:*
- traffic_server, Version: 3.2.2, CPE: cpe:2.3:a:apache:traffic_server:3.2.2:*:*:*:*:*:*:*
- traffic_server, Version: 3.3.5, CPE: cpe:2.3:a:apache:traffic_server:3.3.5:*:*:*:*:*:*:*
- traffic_server, Version: 2.1.2, CPE: cpe:2.3:a:apache:traffic_server:2.1.2:*:*:*:*:*:*:*
- traffic_server, Version: 5.1.2, CPE: cpe:2.3:a:apache:traffic_server:5.1.2:*:*:*:*:*:*:*
- traffic_server, Version: 3.0.4, CPE: cpe:2.3:a:apache:traffic_server:3.0.4:*:*:*:*:*:*:*
- traffic_server, Version: 2.1.3, CPE: cpe:2.3:a:apache:traffic_server:2.1.3:*:*:*:*:*:*:*
- traffic_server, Version: 3.1.3, CPE: cpe:2.3:a:apache:traffic_server:3.1.3:*:*:*:*:*:*:*
- traffic_server, Version: 3.1.1, CPE: cpe:2.3:a:apache:traffic_server:3.1.1:*:*:*:*:*:*:*
- traffic_server, Version: 3.2.5, CPE: cpe:2.3:a:apache:traffic_server:3.2.5:*:*:*:*:*:*:*
- traffic_server, Version: 4.1.0, CPE: cpe:2.3:a:apache:traffic_server:4.1.0:*:*:*:*:*:*:*
- traffic_server, Version: 3.0.2, CPE: cpe:2.3:a:apache:traffic_server:3.0.2:*:*:*:*:*:*:*
- traffic_server, Version: 2.0.0, CPE: cpe:2.3:a:apache:traffic_server:2.0.0:alpha:*:*:*:*:*:*
- traffic_server, Version: 4.1.1, CPE: cpe:2.3:a:apache:traffic_server:4.1.1:*:*:*:*:*:*:*
- traffic_server, Version: 3.2.0, CPE: cpe:2.3:a:apache:traffic_server:3.2.0:*:*:*:*:*:*:*
- traffic_server, Version: 3.1.4, CPE: cpe:2.3:a:apache:traffic_server:3.1.4:*:*:*:*:*:*:*
- traffic_server, Version: 3.3.1, CPE: cpe:2.3:a:apache:traffic_server:3.3.1:*:*:*:*:*:*:*
- traffic_server, Version: 3.3.0, CPE: cpe:2.3:a:apache:traffic_server:3.3.0:*:*:*:*:*:*:*
- traffic_server, Version: 5.1.0, CPE: cpe:2.3:a:apache:traffic_server:5.1.0:*:*:*:*:*:*:*
- traffic_server, Version: 4.2.3, CPE: cpe:2.3:a:apache:traffic_server:4.2.3:*:*:*:*:*:*:*
- traffic_server, Version: 3.1.0, CPE: cpe:2.3:a:apache:traffic_server:3.1.0:*:*:*:*:*:*:*
- traffic_server, Version: 3.3.2, CPE: cpe:2.3:a:apache:traffic_server:3.3.2:*:*:*:*:*:*:*
- traffic_server, Version: 3.2.1, CPE: cpe:2.3:a:apache:traffic_server:3.2.1:*:*:*:*:*:*:*
- traffic_server, Version: 3.0.3, CPE: cpe:2.3:a:apache:traffic_server:3.0.3:*:*:*:*:*:*:*
- traffic_server, Version: 6.1.1, CPE: cpe:2.3:a:apache:traffic_server:6.1.1:*:*:*:*:*:*:*
- traffic_server, Version: 4.2.1, CPE: cpe:2.3:a:apache:traffic_server:4.2.1:*:*:*:*:*:*:*
- traffic_server, Version: 2.1.0, CPE: cpe:2.3:a:apache:traffic_server:2.1.0:*:*:*:*:*:*:*
- traffic_server, Version: 4.0.2, CPE: cpe:2.3:a:apache:traffic_server:4.0.2:*:*:*:*:*:*:*
- traffic_server, Version: 4.2.1.1, CPE: cpe:2.3:a:apache:traffic_server:4.2.1.1:*:*:*:*:*:*:*
- traffic_server, Version: 3.3.3, CPE: cpe:2.3:a:apache:traffic_server:3.3.3:*:*:*:*:*:*:*
- traffic_server, Version: 4.0.1, CPE: cpe:2.3:a:apache:traffic_server:4.0.1:*:*:*:*:*:*:*
- traffic_server, Version: 3.0.5, CPE: cpe:2.3:a:apache:traffic_server:3.0.5:*:*:*:*:*:*:*
- traffic_server, Version: 4.1.2, CPE: cpe:2.3:a:apache:traffic_server:4.1.2:*:*:*:*:*:*:*
This vulnerability affects 60 software configuration(s). Ensure you patch all affected systems.
References & Resources
- http://www.securityfocus.com/bid/97949 (source: security@apache.org)
- http://www.securitytracker.com/id/1038275 (source: security@apache.org)
- https://issues.apache.org/jira/browse/TS-4819 (source: security@apache.org; Issue Tracking, Patch, Third Party Advisory)
Severity Details
out of 10.0
Low
Weakness Type (CWE)
CWE-20
Top 25 #14
Improper Input Validation
- Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
- Exploit Likelihood: High
- Typical Severity: High
- Abstraction Level: Class
Key Information
- Published Date: April 17, 2017
