CVE-2022-47184

CWE-200 — Information Exposure5 documents5 sources

Severity

7.5HIGH

EPSS

0.2%

top 53.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Traffic Server Apache Software Foundation Apache Traffic Server Debian Debian Linux

Timeline

PublishedJun 14

Description

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Traffic Server.This issue affects Apache Traffic Server: 8.0.0 to 9.2.0.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶CVEListV5apache_software_foundation/apache_traffic_server8.0.0 — 9.2.0

▶NVDapache/traffic_server8.0.0 — 8.1.7+1

▶Debiantrafficserver< 8.1.7+ds-1~deb11u1+1

Also affects: Debian Linux 11.0, 12.0

🔴Vulnerability Details

CVEList

Apache Traffic Server: The TRACE method can be use to disclose network information↗2023-06-14

▶

GHSA

GHSA-5r5w-ww4m-44x3: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Traffic Server↗2023-06-14

▶

OSV

CVE-2022-47184: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Traffic Server↗2023-06-14

▶

📋Vendor Advisories

Debian

CVE-2022-47184: trafficserver - Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apac...↗2022

▶