Vulnerabilities > CVE-2023-30631
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server. The configuration option proxy.config.http.push_method_enabled didn't function. However, by default the PUSH method is blocked in the ip_allow configuration file.This issue affects Apache Traffic Server: from 8.0.0 through 9.2.0. 8.x users should upgrade to 8.1.7 or later versions 9.x users should upgrade to 9.2.1 or later versions
Vulnerable Configurations
References
- https://lists.apache.org/thread/tns2b4khyyncgs5v5p9y35pobg9z2bvs
- https://lists.debian.org/debian-lts-announce/2023/06/msg00037.html
- https://lists.fedoraproject.org/archives/list/[email protected]/message/6GDCBNFDDW6ULW7CACJCPENI7BVDHM5O/
- https://lists.fedoraproject.org/archives/list/[email protected]/message/FGWXNAEEVRUZ5JG4EJAIIFC3CI7LFETV/
- https://www.debian.org/security/2023/dsa-5435
- https://lists.apache.org/thread/tns2b4khyyncgs5v5p9y35pobg9z2bvs
- https://www.debian.org/security/2023/dsa-5435
- https://lists.fedoraproject.org/archives/list/[email protected]/message/FGWXNAEEVRUZ5JG4EJAIIFC3CI7LFETV/
- https://lists.fedoraproject.org/archives/list/[email protected]/message/6GDCBNFDDW6ULW7CACJCPENI7BVDHM5O/
- https://lists.debian.org/debian-lts-announce/2023/06/msg00037.html