CVE-2014-3624: Improper Access Control in Apache Traffic Server

Severity: 9.8 CRITICAL (NVD)
EPSS: 0.4% (top 40.10%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Oct 30
Latest update: May 17

Description

Apache Traffic Server 5.1.x before 5.1.1 allows remote attackers to bypass access restrictions by leveraging failure to properly tunnel remap requests using CONNECT.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages: 1 package

🔴 Vulnerability Details (3)

GHSA: GHSA-xpg3-fq38-gwfq: Apache Traffic Server 5 (2022-05-17)
OSV: CVE-2014-3624: Apache Traffic Server 5 (2017-10-30)
CVEList: CVE-2014-3624: Apache Traffic Server 5 (2017-10-30)

📋 Vendor Advisories (1)

Debian: CVE-2014-3624: trafficserver - Apache Traffic Server 5.1.x before 5.1.1 allows remote attackers to bypass acces... (2014)