Vulnerability Details CVE-2020-17509
ATS negative cache option is vulnerable to a cache poisoning attack. If you have this option enabled, please upgrade or disable this feature. Apache Traffic Server versions 7.0.0 to 7.1.11 and 8.0.0 to 8.1.0 are affected.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.03
EPSS Ranking 85.9%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 4.3
References
Products affected by CVE-2020-17509
-
cpe:2.3:a:apache:traffic_server:6.0.0
-
cpe:2.3:a:apache:traffic_server:6.0.3
-
cpe:2.3:a:apache:traffic_server:6.1.0
-
cpe:2.3:a:apache:traffic_server:6.1.1
-
cpe:2.3:a:apache:traffic_server:6.2.0
-
cpe:2.3:a:apache:traffic_server:6.2.1
-
cpe:2.3:a:apache:traffic_server:6.2.2
-
cpe:2.3:a:apache:traffic_server:6.2.3
-
cpe:2.3:a:apache:traffic_server:7.0.0
-
cpe:2.3:a:apache:traffic_server:7.1.0
-
cpe:2.3:a:apache:traffic_server:7.1.1
-
cpe:2.3:a:apache:traffic_server:7.1.10
-
cpe:2.3:a:apache:traffic_server:7.1.2
-
cpe:2.3:a:apache:traffic_server:7.1.3
-
cpe:2.3:a:apache:traffic_server:7.1.4
-
cpe:2.3:a:apache:traffic_server:7.1.5
-
cpe:2.3:a:apache:traffic_server:7.1.6
-
cpe:2.3:a:apache:traffic_server:7.1.7
-
cpe:2.3:a:apache:traffic_server:7.1.8
-
cpe:2.3:a:apache:traffic_server:7.1.9
-
cpe:2.3:a:apache:traffic_server:8.0.0
-
cpe:2.3:a:apache:traffic_server:8.0.1
-
cpe:2.3:a:apache:traffic_server:8.0.2
-
cpe:2.3:a:apache:traffic_server:8.0.3
-
cpe:2.3:a:apache:traffic_server:8.0.4
-
cpe:2.3:a:apache:traffic_server:8.0.5
-
cpe:2.3:a:apache:traffic_server:8.0.6
-
cpe:2.3:a:apache:traffic_server:8.0.7