CVE-2022-47185
Severity CVSS v4.0:
Pending analysis
Type:
CWE-20
Input Validation
Publication date:
09/08/2023
Last modified:
13/02/2025
Description
Improper input validation vulnerability on the range header in Apache Software Foundation Apache Traffic Server.This issue affects Apache Traffic Server: through 9.2.1.
Impact
Base Score 3.x
7.50
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:* | 8.0.0 (including) | 8.1.7 (including) |
| cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:* | 9.0.0 (including) | 9.2.1 (including) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://lists.apache.org/thread/jsl6dfdgs1mjjo1mbtyflyjr7xftswhc
- https://lists.debian.org/debian-lts-announce/2023/09/msg00042.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BOTOM2MFKOLK46Q3BQHO662HTPZFRQUC/
- https://www.debian.org/security/2023/dsa-5549
- https://lists.apache.org/thread/jsl6dfdgs1mjjo1mbtyflyjr7xftswhc
- https://lists.debian.org/debian-lts-announce/2023/09/msg00042.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BOTOM2MFKOLK46Q3BQHO662HTPZFRQUC/
- https://www.debian.org/security/2023/dsa-5549