CVE-2010-2952
published 2010-09-13CVE-2010-2952: Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use…
medium4.3CVSS 3.1
AVNACMAuNCNIPAN
Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | traffic_server | <= 2.0.0 | — |
| apache | traffic_server | — | — |
| apache | traffic_server | — | — |
| debian | trafficserver | — | — |