CVE-2017-7670 (GCVE-0-2017-7670)
Vulnerability from cvelistv5 – Published: 2017-07-10 18:00 – Updated: 2024-09-16 17:52
VLAI?
Summary
The Traffic Router component of the incubating Apache Traffic Control project is vulnerable to a Slowloris style Denial of Service attack. TCP connections made on the configured DNS port will remain in the ESTABLISHED state until the client explicitly closes the connection or Traffic Router is restarted. If connections remain in the ESTABLISHED state indefinitely and accumulate in number to match the size of the thread pool dedicated to processing DNS requests, the thread pool becomes exhausted. Once the thread pool is exhausted, Traffic Router is unable to service any DNS request, regardless of transport protocol.
Severity ?
No CVSS data available.
CWE
- Denial of Service
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Traffic Control |
Affected:
1.8.0 incubating
Affected: 2.0.0 RC0 incubating |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:12:27.852Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[users] 20170707 Apache Traffic Control Traffic Router Slowloris Denial of Service Vulnerability - CVE-2017-7670",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/42b207e9f526353b504591684bd02a5e9fcb4b8f28534253d07740a0%40%3Cusers.trafficcontrol.apache.org%3E"
},
{
"name": "[trafficcontrol-commits] 20190906 [trafficcontrol-website] branch asf-site updated: Adds CVE-2019-12405 to security page",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/bb09fc29e9c2ee85b118a3d5748a8a523d30cf691ff8b606c6a1748c%40%3Ccommits.trafficcontrol.apache.org%3E"
},
{
"name": "[trafficcontrol-commits] 20210616 [trafficcontrol-website] branch asf-site updated: Fix CVE-2020-17522 link",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r3c675031ac220b5eae64a9c84a03ee60045c6045738607dca4a96cb8%40%3Ccommits.trafficcontrol.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Traffic Control",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "1.8.0 incubating"
},
{
"status": "affected",
"version": "2.0.0 RC0 incubating"
}
]
}
],
"datePublic": "2017-07-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Traffic Router component of the incubating Apache Traffic Control project is vulnerable to a Slowloris style Denial of Service attack. TCP connections made on the configured DNS port will remain in the ESTABLISHED state until the client explicitly closes the connection or Traffic Router is restarted. If connections remain in the ESTABLISHED state indefinitely and accumulate in number to match the size of the thread pool dedicated to processing DNS requests, the thread pool becomes exhausted. Once the thread pool is exhausted, Traffic Router is unable to service any DNS request, regardless of transport protocol."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-16T20:06:13",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"name": "[users] 20170707 Apache Traffic Control Traffic Router Slowloris Denial of Service Vulnerability - CVE-2017-7670",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/42b207e9f526353b504591684bd02a5e9fcb4b8f28534253d07740a0%40%3Cusers.trafficcontrol.apache.org%3E"
},
{
"name": "[trafficcontrol-commits] 20190906 [trafficcontrol-website] branch asf-site updated: Adds CVE-2019-12405 to security page",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/bb09fc29e9c2ee85b118a3d5748a8a523d30cf691ff8b606c6a1748c%40%3Ccommits.trafficcontrol.apache.org%3E"
},
{
"name": "[trafficcontrol-commits] 20210616 [trafficcontrol-website] branch asf-site updated: Fix CVE-2020-17522 link",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r3c675031ac220b5eae64a9c84a03ee60045c6045738607dca4a96cb8%40%3Ccommits.trafficcontrol.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"DATE_PUBLIC": "2017-07-07T00:00:00",
"ID": "CVE-2017-7670",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Traffic Control",
"version": {
"version_data": [
{
"version_value": "1.8.0 incubating"
},
{
"version_value": "2.0.0 RC0 incubating"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Traffic Router component of the incubating Apache Traffic Control project is vulnerable to a Slowloris style Denial of Service attack. TCP connections made on the configured DNS port will remain in the ESTABLISHED state until the client explicitly closes the connection or Traffic Router is restarted. If connections remain in the ESTABLISHED state indefinitely and accumulate in number to match the size of the thread pool dedicated to processing DNS requests, the thread pool becomes exhausted. Once the thread pool is exhausted, Traffic Router is unable to service any DNS request, regardless of transport protocol."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[users] 20170707 Apache Traffic Control Traffic Router Slowloris Denial of Service Vulnerability - CVE-2017-7670",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/42b207e9f526353b504591684bd02a5e9fcb4b8f28534253d07740a0@%3Cusers.trafficcontrol.apache.org%3E"
},
{
"name": "[trafficcontrol-commits] 20190906 [trafficcontrol-website] branch asf-site updated: Adds CVE-2019-12405 to security page",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/bb09fc29e9c2ee85b118a3d5748a8a523d30cf691ff8b606c6a1748c@%3Ccommits.trafficcontrol.apache.org%3E"
},
{
"name": "[trafficcontrol-commits] 20210616 [trafficcontrol-website] branch asf-site updated: Fix CVE-2020-17522 link",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r3c675031ac220b5eae64a9c84a03ee60045c6045738607dca4a96cb8@%3Ccommits.trafficcontrol.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2017-7670",
"datePublished": "2017-07-10T18:00:00Z",
"dateReserved": "2017-04-11T00:00:00",
"dateUpdated": "2024-09-16T17:52:59.730Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:traffic_control:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.8.0\", \"matchCriteriaId\": \"1DBD0BDC-FE45-4783-836C-98AC3C1AD582\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:traffic_control:1.8.1:rc0:*:*:*:*:*:*\", \"matchCriteriaId\": \"7C7D341B-4BCD-4040-9539-0B3D3BF489AA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:traffic_control:2.0.0:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"F4A5940F-5AF1-4E6A-8D40-800C402188DE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:traffic_control:2.0.0:rc2:*:*:*:*:*:*\", \"matchCriteriaId\": \"A07F5552-C1D7-4D61-A7EA-FACE14BFB707\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:traffic_control:2.0.0:rc3:*:*:*:*:*:*\", \"matchCriteriaId\": \"CF329CC2-2B4C-46B7-AAB3-5902C66731C8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:traffic_control:2.0.0:rc4:*:*:*:*:*:*\", \"matchCriteriaId\": \"FAA4DE4E-41E9-4D6A-824A-259A10C58A33\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:traffic_control:2.0.0:rc5:*:*:*:*:*:*\", \"matchCriteriaId\": \"A5A0F919-6FA5-4C28-B840-E605C7EA1C43\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:traffic_control:2.0.0:rc6:*:*:*:*:*:*\", \"matchCriteriaId\": \"C6EA36D0-C636-4D8F-96B3-77BF5266D9B2\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"The Traffic Router component of the incubating Apache Traffic Control project is vulnerable to a Slowloris style Denial of Service attack. TCP connections made on the configured DNS port will remain in the ESTABLISHED state until the client explicitly closes the connection or Traffic Router is restarted. If connections remain in the ESTABLISHED state indefinitely and accumulate in number to match the size of the thread pool dedicated to processing DNS requests, the thread pool becomes exhausted. Once the thread pool is exhausted, Traffic Router is unable to service any DNS request, regardless of transport protocol.\"}, {\"lang\": \"es\", \"value\": \"El componente Traffic Router del proyecto Apache Traffic Control en incubaci\\u00f3n es vulnerable a un ataque de denegaci\\u00f3n de servicio de estilo Slowloris. Las conexiones TCP realizadas en el puerto DNS configurado permanecer\\u00e1n en el estado ESTABLISHED hasta que el cliente cierre expl\\u00edcitamente la conexi\\u00f3n o se reinicie Traffic Router. Si las conexiones permanecen en el estado ESTABLISHED indefinidamente y se acumulan en n\\u00famero para que coincida con el tama\\u00f1o del grupo hilo (subprocesos) dedicado al procesamiento de peticiones DNS, el grupo hilo (subprocesos) se agota. Una vez que se agota el grupo de hilo (subprocesos), Traffic Router no puede atender ninguna petici\\u00f3n DNS, independientemente del protocolo de transporte.\"}]",
"id": "CVE-2017-7670",
"lastModified": "2024-11-21T03:32:25.707",
"metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:N/A:P\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2017-07-10T18:29:00.253",
"references": "[{\"url\": \"https://lists.apache.org/thread.html/42b207e9f526353b504591684bd02a5e9fcb4b8f28534253d07740a0%40%3Cusers.trafficcontrol.apache.org%3E\", \"source\": \"security@apache.org\"}, {\"url\": \"https://lists.apache.org/thread.html/bb09fc29e9c2ee85b118a3d5748a8a523d30cf691ff8b606c6a1748c%40%3Ccommits.trafficcontrol.apache.org%3E\", \"source\": \"security@apache.org\"}, {\"url\": \"https://lists.apache.org/thread.html/r3c675031ac220b5eae64a9c84a03ee60045c6045738607dca4a96cb8%40%3Ccommits.trafficcontrol.apache.org%3E\", \"source\": \"security@apache.org\"}, {\"url\": \"https://lists.apache.org/thread.html/42b207e9f526353b504591684bd02a5e9fcb4b8f28534253d07740a0%40%3Cusers.trafficcontrol.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/bb09fc29e9c2ee85b118a3d5748a8a523d30cf691ff8b606c6a1748c%40%3Ccommits.trafficcontrol.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r3c675031ac220b5eae64a9c84a03ee60045c6045738607dca4a96cb8%40%3Ccommits.trafficcontrol.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-400\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2017-7670\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2017-07-10T18:29:00.253\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Traffic Router component of the incubating Apache Traffic Control project is vulnerable to a Slowloris style Denial of Service attack. TCP connections made on the configured DNS port will remain in the ESTABLISHED state until the client explicitly closes the connection or Traffic Router is restarted. If connections remain in the ESTABLISHED state indefinitely and accumulate in number to match the size of the thread pool dedicated to processing DNS requests, the thread pool becomes exhausted. Once the thread pool is exhausted, Traffic Router is unable to service any DNS request, regardless of transport protocol.\"},{\"lang\":\"es\",\"value\":\"El componente Traffic Router del proyecto Apache Traffic Control en incubaci\u00f3n es vulnerable a un ataque de denegaci\u00f3n de servicio de estilo Slowloris. Las conexiones TCP realizadas en el puerto DNS configurado permanecer\u00e1n en el estado ESTABLISHED hasta que el cliente cierre expl\u00edcitamente la conexi\u00f3n o se reinicie Traffic Router. Si las conexiones permanecen en el estado ESTABLISHED indefinidamente y se acumulan en n\u00famero para que coincida con el tama\u00f1o del grupo hilo (subprocesos) dedicado al procesamiento de peticiones DNS, el grupo hilo (subprocesos) se agota. Una vez que se agota el grupo de hilo (subprocesos), Traffic Router no puede atender ninguna petici\u00f3n DNS, independientemente del protocolo de transporte.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:traffic_control:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.8.0\",\"matchCriteriaId\":\"1DBD0BDC-FE45-4783-836C-98AC3C1AD582\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:traffic_control:1.8.1:rc0:*:*:*:*:*:*\",\"matchCriteriaId\":\"7C7D341B-4BCD-4040-9539-0B3D3BF489AA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:traffic_control:2.0.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4A5940F-5AF1-4E6A-8D40-800C402188DE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:traffic_control:2.0.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"A07F5552-C1D7-4D61-A7EA-FACE14BFB707\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:traffic_control:2.0.0:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"CF329CC2-2B4C-46B7-AAB3-5902C66731C8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:traffic_control:2.0.0:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"FAA4DE4E-41E9-4D6A-824A-259A10C58A33\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:traffic_control:2.0.0:rc5:*:*:*:*:*:*\",\"matchCriteriaId\":\"A5A0F919-6FA5-4C28-B840-E605C7EA1C43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:traffic_control:2.0.0:rc6:*:*:*:*:*:*\",\"matchCriteriaId\":\"C6EA36D0-C636-4D8F-96B3-77BF5266D9B2\"}]}]}],\"references\":[{\"url\":\"https://lists.apache.org/thread.html/42b207e9f526353b504591684bd02a5e9fcb4b8f28534253d07740a0%40%3Cusers.trafficcontrol.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/bb09fc29e9c2ee85b118a3d5748a8a523d30cf691ff8b606c6a1748c%40%3Ccommits.trafficcontrol.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/r3c675031ac220b5eae64a9c84a03ee60045c6045738607dca4a96cb8%40%3Ccommits.trafficcontrol.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/42b207e9f526353b504591684bd02a5e9fcb4b8f28534253d07740a0%40%3Cusers.trafficcontrol.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/bb09fc29e9c2ee85b118a3d5748a8a523d30cf691ff8b606c6a1748c%40%3Ccommits.trafficcontrol.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r3c675031ac220b5eae64a9c84a03ee60045c6045738607dca4a96cb8%40%3Ccommits.trafficcontrol.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…