CVE-2017-5660
Severity CVSS v4.0:
Pending analysis
Type:
CWE-20
Input Validation
Publication date:
27/02/2018
Last modified:
07/11/2023
Description
There is a vulnerability in Apache Traffic Server (ATS) 6.2.0 and prior and 7.0.0 and prior with the Host header and line folding. This can have issues when interacting with upstream proxies and the wrong host being used.
Impact
Base Score 3.x
8.60
Severity 3.x
HIGH
Base Score 2.0
5.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:* | 6.2.0 (including) | |
| cpe:2.3:a:apache:traffic_server:6.2.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:apache:traffic_server:6.2.1:rc0:*:*:*:*:*:* | ||
| cpe:2.3:a:apache:traffic_server:6.2.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:apache:traffic_server:6.2.2:rc0:*:*:*:*:*:* | ||
| cpe:2.3:a:apache:traffic_server:7.0.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:apache:traffic_server:7.0.0:rc0:*:*:*:*:*:* | ||
| cpe:2.3:a:apache:traffic_server:7.0.0:rc1:*:*:*:*:*:* | ||
| cpe:2.3:a:apache:traffic_server:7.0.0:rc2:*:*:*:*:*:* | ||
| cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page