Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2022-40743HistoryDec 19, 2022 - 12:15 p.m.
CVE-2022-40743
2022-12-1912:15:11
Debian Security Bug Tracker
security-tracker.debian.org
15
input validation
apache traffic server
cross site scripting
cache poisoning
upgrade
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.003
Percentile
68.1%
Improper Input Validation vulnerability for the xdebug plugin in Apache Software Foundation Apache Traffic Server can lead to cross site scripting and cache poisoning attacks.This issue affects Apache Traffic Server: 9.0.0 to 9.1.3. Users should upgrade to 9.1.4 or later versions.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | trafficserver | < 9.1.4+ds-1 | trafficserver_9.1.4+ds-1_all.deb |
| Debian | 11 | all | trafficserver | < 8.1.10+ds-1~deb11u1 | trafficserver_8.1.10+ds-1~deb11u1_all.deb |
| Debian | 999 | all | trafficserver | < 9.1.4+ds-1 | trafficserver_9.1.4+ds-1_all.deb |
Related
cvelist
cvelist
CVE-2022-40743 Apache Traffic Server: Security issues with the xdebug plugin
2022-12-19 11:06:14
openvas
openvas
Apache Traffic Server (ATS) 9.x < 9.1.3 XSS Vulnerability
2022-12-20 00:00:00
Fedora: Security Advisory for trafficserver (FEDORA-2022-489ea47e69)
2022-12-30 00:00:00
Fedora: Security Advisory for trafficserver (FEDORA-2022-62b61a8542)
2022-12-30 00:00:00
veracode
veracode
Cross-site Scripting (XSS)
2023-01-04 04:31:38
cnvd
cnvd
Apache Traffic Server Cross-Site Scripting Vulnerability (CNVD-2023-03922)
2022-12-21 00:00:00
prion
prion
Input validation
2022-12-19 12:15:00
ubuntucve
ubuntucve
CVE-2022-40743
2022-12-19 00:00:00
cve
cve
CVE-2022-40743
2022-12-19 12:15:11
osv
osv
CVE-2022-40743
2022-12-19 12:15:11
nvd
nvd
CVE-2022-40743
2022-12-19 12:15:11
nessus
nessus
Fedora 36 : trafficserver (2022-489ea47e69)
2022-12-29 00:00:00
fedora
fedora
[SECURITY] Fedora 36 Update: trafficserver-9.1.4-1.fc36
2022-12-29 01:16:05
[SECURITY] Fedora 37 Update: trafficserver-9.1.4-1.fc37
2022-12-29 01:10:11
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.003
Percentile
68.1%
Related for DEBIANCVE:CVE-2022-40743