CVE-2017-7671: Improper Input Validation in Apache Traffic Server

Severity: 7.5 HIGH (NVD)
EPSS: 4.3% (top 11.15%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Feb 27
Latest update: May 14

Description

There is a denial-of-service (DoS) vulnerability in the TLS handshake of Apache Traffic Server (ATS) 5.2.0 to 5.3.2, 6.0.0 to 6.2.0, and 7.0.0. This issue can cause the server to dump core.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (2 packages)

NVD: apache/traffic_server, 5.2.0 to 5.3.2 (+2)
CVEListV5: apache_software_foundation/apache_traffic_server, 5.2.0 to 5.3.2, 6.0.0 to 6.2.0, 7.0.0 (+2)

Also affects: Debian Linux 9.0

🔴 Vulnerability Details (3)

GHSA
GHSA-cp9g-xqrx-g4w7: There is a DOS attack vulnerability in Apache Traffic Server (ATS) 5 (2022-05-14)
OSV
CVE-2017-7671: There is a DOS attack vulnerability in Apache Traffic Server (ATS) 5 (2018-02-27)
CVEList
CVE-2017-7671: There is a DOS attack vulnerability in Apache Traffic Server (ATS) 5 (2018-02-27)

📋 Vendor Advisories (1)

Debian
CVE-2017-7671: trafficserver - There is a DOS attack vulnerability in Apache Traffic Server (ATS) 5.2.0 to 5.3.... (2017)

💬 Community (3)

Bugzilla
CVE-2017-7671 trafficserver: TLS handshake vulnerability in SSLNetVConnection.cc can lead to denial of service (2018-03-02)
Bugzilla
CVE-2017-5660 CVE-2017-7671 trafficserver: various flaws [fedora-all] (2018-03-02)
Bugzilla
CVE-2017-5660 CVE-2017-7671 trafficserver: various flaws [epel-all] (2018-03-02)