CVE-2020-17508Sensitive Information Exposure in Apache Traffic Server

CWE-200Sensitive Information Exposure5 documents5 sources
Severity
7.5HIGHNVD
EPSS
2.7%
top 14.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apache Traffic ServerApache Software Foundation Apache Traffic Server
Timeline
PublishedJan 11
Latest updateMay 24

Description

The ATS ESI plugin has a memory disclosure vulnerability. If you are running the plugin please upgrade. Apache Traffic Server versions 7.0.0 to 7.1.11 and 8.0.0 to 8.1.0 are affected.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

NVDapache/traffic_server6.0.06.2.3+2
CVEListV5apache_software_foundation/apache_traffic_serverApache Traffic Server 7.0.0 to 7.1.11, 8.0.0 to 8.1.0

🔴Vulnerability Details

3
GHSA
GHSA-8c5r-6wpq-9ghx: The ATS ESI plugin has a memory disclosure vulnerability2022-05-24
OSV
CVE-2020-17508: The ATS ESI plugin has a memory disclosure vulnerability2021-01-11
CVEList
CVE-2020-17508: The ATS ESI plugin has a memory disclosure vulnerability2021-01-11

📋Vendor Advisories

1
Debian
CVE-2020-17508: trafficserver - The ATS ESI plugin has a memory disclosure vulnerability. If you are running the...2020
CVE-2020-17508 — Sensitive Information Exposure | cvebase