Vulnerability Details CVE-2022-31778
Improper Input Validation vulnerability in handling the Transfer-Encoding header of Apache Traffic Server allows an attacker to poison the cache. This issue affects Apache Traffic Server 8.0.0 to 9.0.2.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 37.9%
CVSS Severity
CVSS v3 Score 7.5
References
- https://lists.apache.org/thread/rc64lwbdgrkv674koc3zl1sljr9vwg21
- https://lists.debian.org/debian-lts-announce/2023/04/msg00007.html
- https://www.debian.org/security/2022/dsa-5206
- https://lists.apache.org/thread/rc64lwbdgrkv674koc3zl1sljr9vwg21
- https://lists.debian.org/debian-lts-announce/2023/04/msg00007.html
- https://www.debian.org/security/2022/dsa-5206
Products affected by CVE-2022-31778
-
cpe:2.3:a:apache:traffic_server:8.0.0
-
cpe:2.3:a:apache:traffic_server:8.0.1
-
cpe:2.3:a:apache:traffic_server:8.0.2
-
cpe:2.3:a:apache:traffic_server:8.0.3
-
cpe:2.3:a:apache:traffic_server:8.0.4
-
cpe:2.3:a:apache:traffic_server:8.0.5
-
cpe:2.3:a:apache:traffic_server:8.0.6
-
cpe:2.3:a:apache:traffic_server:8.0.7
-
cpe:2.3:a:apache:traffic_server:8.0.8
-
cpe:2.3:a:apache:traffic_server:8.1.0
-
cpe:2.3:a:apache:traffic_server:8.1.1
-
cpe:2.3:a:apache:traffic_server:8.1.2
-
cpe:2.3:a:apache:traffic_server:8.1.3
-
cpe:2.3:a:apache:traffic_server:8.1.4
-
cpe:2.3:a:apache:traffic_server:9.0.0
-
cpe:2.3:a:apache:traffic_server:9.0.1
-
cpe:2.3:a:apache:traffic_server:9.0.2
-
cpe:2.3:a:apache:traffic_server:9.1.0
-
cpe:2.3:a:apache:traffic_server:9.1.1
-
cpe:2.3:a:apache:traffic_server:9.1.2
-
cpe:2.3:o:debian:debian_linux:11.0