CVE-2017-7671

Low

Low Medium High Critical

CVSS Score

Published: Feb 27, 2018

Last Modified: Nov 21, 2024

Vulnerability Description

There is a DOS attack vulnerability in Apache Traffic Server (ATS) 5.2.0 to 5.3.2, 6.0.0 to 6.2.0, and 7.0.0 with the TLS handshake. This issue can cause the server to coredump.

Known Affected Software

11 configuration(s) from 2 vendor(s)

traffic_server

Version:

5.2.0

CPE:

cpe:2.3:a:apache:traffic_server:5.2.0:*:*:*:*:*:*:*

traffic_server

Version:

6.0.3

CPE:

cpe:2.3:a:apache:traffic_server:6.0.3:*:*:*:*:*:*:*

traffic_server

Version:

5.2.1

CPE:

cpe:2.3:a:apache:traffic_server:5.2.1:*:*:*:*:*:*:*

traffic_server

Version:

6.2.0

CPE:

cpe:2.3:a:apache:traffic_server:6.2.0:*:*:*:*:*:*:*

traffic_server

Version:

7.0.0

CPE:

cpe:2.3:a:apache:traffic_server:7.0.0:rc0:*:*:*:*:*:*

traffic_server

Version:

5.3.0

CPE:

cpe:2.3:a:apache:traffic_server:5.3.0:*:*:*:*:*:*:*

traffic_server

Version:

5.3.1

CPE:

cpe:2.3:a:apache:traffic_server:5.3.1:*:*:*:*:*:*:*

traffic_server

Version:

5.3.2

CPE:

cpe:2.3:a:apache:traffic_server:5.3.2:*:*:*:*:*:*:*

traffic_server

Version:

6.1.0

CPE:

cpe:2.3:a:apache:traffic_server:6.1.0:*:*:*:*:*:*:*

traffic_server

Version:

6.1.1

CPE:

cpe:2.3:a:apache:traffic_server:6.1.1:*:*:*:*:*:*:*

debian_linux

Version:

9.0

CPE:

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

This vulnerability affects 11 software configuration(s). Ensure you patch all affected systems.

References & Resources

Severity Details

out of 10.0

Low

Weakness Type (CWE)

CWE-20 Top 25 #14

Improper Input Validation

Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Exploit Likelihood: High
Typical Severity: High
Abstraction Level: Class