var-202004-1820
Vulnerability from variot
Apache ATS 6.0.0 to 6.2.3, 7.0.0 to 7.1.9, and 8.0.0 to 8.0.6 is vulnerable to a HTTP/2 slow read attack. Apache ATS Exists in a resource exhaustion vulnerability.Service operation interruption (DoS) It may be put into a state. Apache Traffic Server (ATS) is a set of scalable HTTP proxy and cache servers for the Apache Software Foundation. An attacker can use this vulnerability to cause a denial of service. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Debian Security Advisory DSA-4672-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff May 01, 2020 https://www.debian.org/security/faq
Package : trafficserver CVE ID : CVE-2019-17559 CVE-2019-17565 CVE-2020-1944 CVE-2020-9481
Several vulnerabilities were discovered in Apache Traffic Server, a reverse and forward proxy server, which could result in denial of service or request smuggling attacks.
For the stable distribution (buster), these problems have been fixed in version 8.0.2+ds-1+deb10u2.
We recommend that you upgrade your trafficserver packages.
For the detailed security status of trafficserver please refer to its security tracker page at: https://security-tracker.debian.org/tracker/trafficserver
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl6sXUoACgkQEMKTtsN8 TjYFJA//VVLh3ighaQPMj9HhwDwsOrn0GSj8UkRc/nYuEQBdfKf5nE7JJio//U65 NHCGih9o9sfnZ9q+bxryED+RiKMOyUvxqMOqRhXItekVkXaRNWcXWqbGW+2MTL1H yOSaq9oMMv04/xzUcWId3T3WdrZk9vlehGmj7Eo0W2eH65itXL+RaKAJuZL+Jtrl XsT380xATHKyyuiN2OaIgWwFGSpzQ1cwXnvQzYOk1LXlTqFA9UhBWZJHsNAwXlqQ ANURjLVa5Z+LwmkpAgpksL+bSMinX+XKKNsc82e0NJkDFuk/VhQle3AYhERC23eC Nar2nXHMC9yvH/ym8MNVYa48PTWD3xYalncAOyMiw7b4tts4uWkAPpnhWxY2g9p5 0xIlZvlDFzW50DsneNo1cHscsg4hlYDlzo2ucYBZHlFRFVj+tVU7t/5E+PctKifi ls8jf7TrDqLJfyyVxH9k+qMpo2KbOWk/PgCfaOsWbTcEVlpUUOCfTx1+rExTVNVs cmkrA3GYijHNqLhs2Lsrv3TnSOviSXdewnN1uGlfhSEPL9LndKOaxWr6w9P4HCVF Qvt8p9lZCQM4zs9FvSrvbb6y9B6P5/BzQKwTlJ/ziuUQeLz3Cn+skt9sRFP0u2Un NGefeHnatRuux9EFVnEqHRsG2+/HbpXiv/Hfdh0M6PNeW23PqLI= =0mTC -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-1820",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "traffic server",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.0"
},
{
"model": "traffic server",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.6"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "traffic server",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.0"
},
{
"model": "traffic server",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.0"
},
{
"model": "traffic server",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "6.2.3"
},
{
"model": "traffic server",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "7.1.9"
},
{
"model": "traffic server",
"scope": "eq",
"trust": 0.8,
"vendor": "apache",
"version": "6.0.0 \u304b\u3089 6.2.3"
},
{
"model": "traffic server",
"scope": "eq",
"trust": 0.8,
"vendor": "apache",
"version": "7.0.0 \u304b\u3089 7.1.9"
},
{
"model": "traffic server",
"scope": "eq",
"trust": 0.8,
"vendor": "apache",
"version": "8.0.0 \u304b\u3089 8.0.6"
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "traffic server",
"scope": "gte",
"trust": 0.6,
"vendor": "apache",
"version": "6.0.0,\u003c=6.2.3"
},
{
"model": "traffic server",
"scope": "gte",
"trust": 0.6,
"vendor": "apache",
"version": "7.0.0,\u003c=7.1.9"
},
{
"model": "traffic server",
"scope": "gte",
"trust": 0.6,
"vendor": "apache",
"version": "8.0.0,\u003c=8.0.6"
},
{
"model": "traffic server",
"scope": "eq",
"trust": 0.1,
"vendor": "apache",
"version": "6.0.0"
},
{
"model": "traffic server",
"scope": "eq",
"trust": 0.1,
"vendor": "apache",
"version": "6.0.3"
},
{
"model": "traffic server",
"scope": "eq",
"trust": 0.1,
"vendor": "apache",
"version": "6.1.0"
},
{
"model": "traffic server",
"scope": "eq",
"trust": 0.1,
"vendor": "apache",
"version": "6.1.1"
},
{
"model": "traffic server",
"scope": "eq",
"trust": 0.1,
"vendor": "apache",
"version": "6.2.0"
},
{
"model": "traffic server",
"scope": "eq",
"trust": 0.1,
"vendor": "apache",
"version": "6.2.1"
},
{
"model": "traffic server",
"scope": "eq",
"trust": 0.1,
"vendor": "apache",
"version": "6.2.2"
},
{
"model": "traffic server",
"scope": "eq",
"trust": 0.1,
"vendor": "apache",
"version": "6.2.3"
},
{
"model": "traffic server",
"scope": "eq",
"trust": 0.1,
"vendor": "apache",
"version": "7.0.0"
},
{
"model": "traffic server",
"scope": "eq",
"trust": 0.1,
"vendor": "apache",
"version": "7.1.0"
},
{
"model": "traffic server",
"scope": "eq",
"trust": 0.1,
"vendor": "apache",
"version": "7.1.1"
},
{
"model": "traffic server",
"scope": "eq",
"trust": 0.1,
"vendor": "apache",
"version": "7.1.2"
},
{
"model": "traffic server",
"scope": "eq",
"trust": 0.1,
"vendor": "apache",
"version": "7.1.3"
},
{
"model": "traffic server",
"scope": "eq",
"trust": 0.1,
"vendor": "apache",
"version": "7.1.4"
},
{
"model": "traffic server",
"scope": "eq",
"trust": 0.1,
"vendor": "apache",
"version": "7.1.5"
},
{
"model": "traffic server",
"scope": "eq",
"trust": 0.1,
"vendor": "apache",
"version": "7.1.6"
},
{
"model": "traffic server",
"scope": "eq",
"trust": 0.1,
"vendor": "apache",
"version": "7.1.7"
},
{
"model": "traffic server",
"scope": "eq",
"trust": 0.1,
"vendor": "apache",
"version": "7.1.8"
},
{
"model": "traffic server",
"scope": "eq",
"trust": 0.1,
"vendor": "apache",
"version": "7.1.9"
},
{
"model": "traffic server",
"scope": "eq",
"trust": 0.1,
"vendor": "apache",
"version": "8.0.0"
},
{
"model": "traffic server",
"scope": "eq",
"trust": 0.1,
"vendor": "apache",
"version": "8.0.1"
},
{
"model": "traffic server",
"scope": "eq",
"trust": 0.1,
"vendor": "apache",
"version": "8.0.2"
},
{
"model": "traffic server",
"scope": "eq",
"trust": 0.1,
"vendor": "apache",
"version": "8.0.3"
},
{
"model": "traffic server",
"scope": "eq",
"trust": 0.1,
"vendor": "apache",
"version": "8.0.4"
},
{
"model": "traffic server",
"scope": "eq",
"trust": 0.1,
"vendor": "apache",
"version": "8.0.5"
},
{
"model": "traffic server",
"scope": "eq",
"trust": 0.1,
"vendor": "apache",
"version": "8.0.6"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.1,
"vendor": "debian",
"version": "10"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28765"
},
{
"db": "VULMON",
"id": "CVE-2020-9481"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004901"
},
{
"db": "NVD",
"id": "CVE-2020-9481"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.2.3",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.1.9",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.0.6",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-9481"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Debian",
"sources": [
{
"db": "PACKETSTORM",
"id": "168822"
}
],
"trust": 0.1
},
"cve": "CVE-2020-9481",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-004901",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-28765",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2020-9481",
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-004901",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-9481",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-004901",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-28765",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202004-2226",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2020-9481",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28765"
},
{
"db": "VULMON",
"id": "CVE-2020-9481"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004901"
},
{
"db": "NVD",
"id": "CVE-2020-9481"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2226"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apache ATS 6.0.0 to 6.2.3, 7.0.0 to 7.1.9, and 8.0.0 to 8.0.6 is vulnerable to a HTTP/2 slow read attack. Apache ATS Exists in a resource exhaustion vulnerability.Service operation interruption (DoS) It may be put into a state. Apache Traffic Server (ATS) is a set of scalable HTTP proxy and cache servers for the Apache Software Foundation. An attacker can use this vulnerability to cause a denial of service. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4672-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nMay 01, 2020 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : trafficserver\nCVE ID : CVE-2019-17559 CVE-2019-17565 CVE-2020-1944 CVE-2020-9481\n\nSeveral vulnerabilities were discovered in Apache Traffic Server, a\nreverse and forward proxy server, which could result in denial of service\nor request smuggling attacks. \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 8.0.2+ds-1+deb10u2. \n\nWe recommend that you upgrade your trafficserver packages. \n\nFor the detailed security status of trafficserver please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/trafficserver\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl6sXUoACgkQEMKTtsN8\nTjYFJA//VVLh3ighaQPMj9HhwDwsOrn0GSj8UkRc/nYuEQBdfKf5nE7JJio//U65\nNHCGih9o9sfnZ9q+bxryED+RiKMOyUvxqMOqRhXItekVkXaRNWcXWqbGW+2MTL1H\nyOSaq9oMMv04/xzUcWId3T3WdrZk9vlehGmj7Eo0W2eH65itXL+RaKAJuZL+Jtrl\nXsT380xATHKyyuiN2OaIgWwFGSpzQ1cwXnvQzYOk1LXlTqFA9UhBWZJHsNAwXlqQ\nANURjLVa5Z+LwmkpAgpksL+bSMinX+XKKNsc82e0NJkDFuk/VhQle3AYhERC23eC\nNar2nXHMC9yvH/ym8MNVYa48PTWD3xYalncAOyMiw7b4tts4uWkAPpnhWxY2g9p5\n0xIlZvlDFzW50DsneNo1cHscsg4hlYDlzo2ucYBZHlFRFVj+tVU7t/5E+PctKifi\nls8jf7TrDqLJfyyVxH9k+qMpo2KbOWk/PgCfaOsWbTcEVlpUUOCfTx1+rExTVNVs\ncmkrA3GYijHNqLhs2Lsrv3TnSOviSXdewnN1uGlfhSEPL9LndKOaxWr6w9P4HCVF\nQvt8p9lZCQM4zs9FvSrvbb6y9B6P5/BzQKwTlJ/ziuUQeLz3Cn+skt9sRFP0u2Un\nNGefeHnatRuux9EFVnEqHRsG2+/HbpXiv/Hfdh0M6PNeW23PqLI=\n=0mTC\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-9481"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004901"
},
{
"db": "CNVD",
"id": "CNVD-2020-28765"
},
{
"db": "VULMON",
"id": "CVE-2020-9481"
},
{
"db": "PACKETSTORM",
"id": "168822"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-9481",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004901",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-28765",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1566",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2226",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-9481",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168822",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28765"
},
{
"db": "VULMON",
"id": "CVE-2020-9481"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004901"
},
{
"db": "PACKETSTORM",
"id": "168822"
},
{
"db": "NVD",
"id": "CVE-2020-9481"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2226"
}
]
},
"id": "VAR-202004-1820",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28765"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28765"
}
]
},
"last_update_date": "2023-12-18T13:33:04.257000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "[ANNOUNCE] Apache Traffic Server is vulnerable to a HTTP/2 slow read attack (revised URL to CVE)",
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/r21ddaf0a4a973f3c43c7ff399ae50d2f858f13f87bd6a9551c5cf6db%40%3cannounce.trafficserver.apache.org%3e"
},
{
"title": "DSA-4672",
"trust": 0.8,
"url": "https://www.debian.org/security/2020/dsa-4672"
},
{
"title": "Patch for Apache Traffic Server resource management error vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/217791"
},
{
"title": "Apache Traffic Server Remediation of resource management error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=117728"
},
{
"title": "Debian Security Advisories: DSA-4672-1 trafficserver -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=068031a0d7824f96d2ef05460c32232d"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28765"
},
{
"db": "VULMON",
"id": "CVE-2020-9481"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004901"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2226"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-400",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-004901"
},
{
"db": "NVD",
"id": "CVE-2020-9481"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9481"
},
{
"trust": 1.7,
"url": "https://lists.apache.org/thread.html/r21ddaf0a4a973f3c43c7ff399ae50d2f858f13f87bd6a9551c5cf6db%40%3cannounce.trafficserver.apache.org%3e"
},
{
"trust": 1.7,
"url": "https://www.debian.org/security/2020/dsa-4672"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9481"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1566/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/apache-traffic-server-overload-via-http-2-slow-read-32173"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/400.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/180966"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1944"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17565"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/trafficserver"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17559"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28765"
},
{
"db": "VULMON",
"id": "CVE-2020-9481"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004901"
},
{
"db": "PACKETSTORM",
"id": "168822"
},
{
"db": "NVD",
"id": "CVE-2020-9481"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2226"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-28765"
},
{
"db": "VULMON",
"id": "CVE-2020-9481"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004901"
},
{
"db": "PACKETSTORM",
"id": "168822"
},
{
"db": "NVD",
"id": "CVE-2020-9481"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2226"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-28765"
},
{
"date": "2020-04-27T00:00:00",
"db": "VULMON",
"id": "CVE-2020-9481"
},
{
"date": "2020-06-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-004901"
},
{
"date": "2020-05-28T19:12:00",
"db": "PACKETSTORM",
"id": "168822"
},
{
"date": "2020-04-27T22:15:12.457000",
"db": "NVD",
"id": "CVE-2020-9481"
},
{
"date": "2020-04-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-2226"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-28765"
},
{
"date": "2020-05-07T00:00:00",
"db": "VULMON",
"id": "CVE-2020-9481"
},
{
"date": "2020-06-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-004901"
},
{
"date": "2020-08-18T15:05:57.843000",
"db": "NVD",
"id": "CVE-2020-9481"
},
{
"date": "2020-05-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-2226"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-2226"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apache Traffic Server resource management error vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28765"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2226"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-2226"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.