Vulnerability Details CVE-2017-7671
There is a DOS attack vulnerability in Apache Traffic Server (ATS) 5.2.0 to 5.3.2, 6.0.0 to 6.2.0, and 7.0.0 with the TLS handshake. This issue can cause the server to coredump.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.043
EPSS Ranking 88.2%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://lists.apache.org/thread.html/203bdcf9bbb718f3dc6f7aaf3e2af632474d51fa9e7bfb7832729905%40%3Cdev.trafficserver.apache.org%3E
- https://www.debian.org/security/2018/dsa-4128
- https://lists.apache.org/thread.html/203bdcf9bbb718f3dc6f7aaf3e2af632474d51fa9e7bfb7832729905%40%3Cdev.trafficserver.apache.org%3E
- https://www.debian.org/security/2018/dsa-4128
Products affected by CVE-2017-7671
-
cpe:2.3:a:apache:traffic_server:5.2.0
-
cpe:2.3:a:apache:traffic_server:5.2.1
-
cpe:2.3:a:apache:traffic_server:5.3.0
-
cpe:2.3:a:apache:traffic_server:5.3.1
-
cpe:2.3:a:apache:traffic_server:5.3.2
-
cpe:2.3:a:apache:traffic_server:6.0.3
-
cpe:2.3:a:apache:traffic_server:6.1.0
-
cpe:2.3:a:apache:traffic_server:6.1.1
-
cpe:2.3:a:apache:traffic_server:6.2.0
-
cpe:2.3:a:apache:traffic_server:7.0.0
-
cpe:2.3:o:debian:debian_linux:9.0