Improper input validation in Apache Traffic Server
CVE-2010-2952
Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-midd…
Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)
EPSS: 0.012 (79.3rd percentile)
Affected products
- Apache Traffic Server — versions 2.1.0, 2.1.1
References
- 43111 (vdb-entry, x_refsource_BID)
- secalert@redhat.com (x_refsource_CONFIRM)
- 41356 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
- secalert@redhat.com (x_refsource_MISC)
- apache-traffic-cache-poisoing(61721) (vdb-entry, x_refsource_XF)
- 1024417 (vdb-entry, x_refsource_SECTRACK)
- 20100908 Medium security flaw in Apache Traffic Server (mailing-list, x_refsource_BUGTRAQ)