Overview : | ||||||
|
Subject: [ANNOUNCE] Apache Traffic Server is vulnerable to various smugging attacks
Date: 2020/03/10 22:35:10
List: announce@trafficserver.apache.org
Description: ATS is vulnerable to various smugging attacks CVE: CVE-2020-1944 CVE-2019-17565 CVE-2019-17559 Reported By: ZeddYu Lu (CVE-2020-1944) Vendor: The Apache Software Foundation Version Affected: ATS 6.0.0 to 6.2.3 ATS 7.0.0 to 7.1.8 ATS 8.0.0 to 8.0.5 Mitigation: 6.x users should upgrade to 7.1.9, 8.0.6, or later versions 7.x users should upgrade to 7.1.9 or later versions 8.x users should upgrade to 8.0.6 or later versions References: Downloads: https://trafficserver.apache.org/downloads (Please use backup sites from the link only if the mirrors are unavailable) CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1944 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17565 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17559