CVE-2020-9494
published 2020-06-24
high · 7.5 · CVSS 3.1
AV:N / AC:L / PR:N / UI:N / S:U / C:N / I:N / A:H
Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.10, and 8.0.0 to 8.0.7 is vulnerable to certain types of HTTP/2 HEADERS frames that can cause the server to allocate a large amount of memory and spin the thread.
Affected
32 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | 7.0.0 – 7.0.107 | — |
| apache | tomcat | 8.5.0 – 8.5.61 | — |
| apache | tomcat | 9.0.0 – 9.0.41 | — |
| apache | traffic_server | 6.0.0 – 6.2.3 | — |
| apache | traffic_server | 7.0.0 – 7.1.10 | — |
| apache | traffic_server | 8.0.0 – 8.0.7 | — |
| apache_software_foundation | apache_traffic_server | — | — |
| apache_software_foundation | apache_traffic_server | — | — |
| apache_software_foundation | apache_traffic_server | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | tomcat9 | < tomcat9 9.0.43-1 (bookworm) | tomcat9 9.0.43-1 (bookworm) |
| debian | trafficserver | < trafficserver 8.0.8+ds-1 (bookworm) | trafficserver 8.0.8+ds-1 (bookworm) |
| oracle | agile_plm | — | — |
| oracle | agile_plm | — | — |
| oracle | communications_cloud_native_core_policy | — | — |
| oracle | communications_cloud_native_core_security_edge_protection_proxy | — | — |
| oracle | communications_instant_messaging_server | — | — |
| oracle | database | — | — |
| oracle | database | — | — |
| oracle | database | — | — |
| oracle | graph_server_and_client | < 21.3.0 | 21.3.0 |
| oracle | instantis_enterprisetrack | — | — |
CVSS provenance
nvd · v3.1 · 7.5 · HIGH · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
ghsa · 7.0 · HIGH
osv · 7.5 · HIGH