Lucene search
PRIOn knowledge basePRION:CVE-2019-10079HistoryOct 22, 2019 - 4:15 p.m.
Code injection
2019-10-2216:15:00
PRIOn knowledge base
www.prio-n.com
3
0.004 Low
EPSS
Percentile
72.3%
Apache Traffic Server is vulnerable to HTTP/2 setting flood attacks. Earlier versions of Apache Traffic Server didn’t limit the number of setting frames sent from the client using the HTTP/2 protocol. Users should upgrade to Apache Traffic Server 7.1.7, 8.0.4, or later versions.
| CPE | Name | Operator | Version |
|---|---|---|---|
| traffic_server | lt | 7.1.7 | |
| traffic_server | ge | 8.0.0 | |
| traffic_server | lt | 8.0.4 |
References
lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04@%3Cusers.trafficserver.apache.org%3E
lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19@%3Cannounce.trafficserver.apache.org%3E
lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7@%3Cdev.trafficserver.apache.org%3E
Related
ubuntucve
ubuntucve
CVE-2019-10079
2019-10-22 00:00:00
nvd
nvd
CVE-2019-10079
2019-10-22 16:15:10
osv
osv
CVE-2019-10079
2019-10-22 16:15:10
trafficserver - security update
2019-09-09 00:00:00
cvelist
cvelist
CVE-2019-10079
2019-10-22 15:42:35
debiancve
debiancve
CVE-2019-10079
2019-10-22 16:15:10
cve
cve
CVE-2019-10079
2019-10-22 16:15:10
openvas
openvas
Apache Traffic Server (ATS) Multiple HTTP/2 DoS Vulnerabilities
2019-10-28 00:00:00
Debian: Security Advisory (DSA-4520-1)
2019-09-11 00:00:00