Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2023-30631

Published: 14/06/2023 Updated: 01/02/2024
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 0
Subscribe to Traffic Server

Vulnerability Summary

Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server.  The configuration option proxy.config.http.push_method_enabled didn't function.  However, by default the PUSH method is blocked in the ip_allow configuration file.This issue affects Apache Traffic Server: from 8.0.0 up to and including 9.2.0. 8.x users should upgrade to 8.1.7 or later versions 9.x users should upgrade to 9.2.1 or later versions

Vulnerable Product Search on Vulmon Subscribe to Product

apache traffic server

debian debian linux 10.0

debian debian linux 11.0

debian debian linux 12.0

fedoraproject fedora 37

fedoraproject fedora 38

Vendor Advisories

Debian CVElist Bug Report Logs: trafficserver: CVE-2022-47184 CVE-2023-30631 CVE-2023-33933
Debian Bug report logs - #1038248 trafficserver: CVE-2022-47184 CVE-2023-30631 CVE-2023-33933 Package: src:trafficserver; Maintainer for src:trafficserver is Jean Baptiste Favre <debian@jbfavreorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 16 Jun 2023 18:45:01 UTC Severity: important Tags: se ...
Debian Security Advisories: DSA-5435-1 trafficserver -- security update
Several vulnerabilities were discovered in Apache Traffic Server, a reverse and forward proxy server, which could result in information disclosure or denial of service For the stable distribution (bookworm), these problems have been fixed in version 920+ds-2+deb12u1 This is a no change rebuild of the update from DSA-5435-1 with a corrected vers ...
Debian Security Advisories: DSA-5435-1 trafficserver -- security update
Several vulnerabilities were discovered in Apache Traffic Server, a reverse and forward proxy server, which could result in information disclosure or denial of service For the oldstable distribution (bullseye), these problems have been fixed in version 817+ds-1~deb11u1 For the stable distribution (bookworm), these problems have been fixed in ve ...

References

CWE-20https://lists.apache.org/thread/tns2b4khyyncgs5v5p9y35pobg9z2bvshttps://www.debian.org/security/2023/dsa-5435https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6GDCBNFDDW6ULW7CACJCPENI7BVDHM5O/https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FGWXNAEEVRUZ5JG4EJAIIFC3CI7LFETV/https://lists.debian.org/debian-lts-announce/2023/06/msg00037.htmlhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1038248https://nvd.nist.govhttps://www.debian.org/security/2023/dsa-5435-2
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22460CVE-2024-4646CVE-2024-29212IMAPCVE-2023-36672CVE-2024-34547command injectionCVE-2024-4651stored XSS
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook