CVE-2017-5660

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2017-5660
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-5660.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2017-5660
Downstream
Published
2018-02-27T20:29:00.403Z
Modified
2025-11-14T05:13:39.558957Z
Severity
  • 8.6 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N CVSS Calculator
Summary
[none]
Details

There is a vulnerability in Apache Traffic Server (ATS) 6.2.0 and prior and 7.0.0 and prior with the Host header and line folding. This can have issues when interacting with upstream proxies and the wrong host being used.

References

Affected packages

Git / github.com/apache/trafficserver

Affected ranges

Type
GIT
Repo
https://github.com/apache/trafficserver
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
0b7b630858b4983d077a63074776abdfa48778f8
Last affected
1f1d708bbf4bbcd64cb0dbd82a2bbc838c630041
Last affected
5a27a40000db0b8f8edee7e99cd65ecb710239b2
Last affected
6c1c6cf20e7d0e287d697a0f4181436013d17c30
Last affected
6d6c6f2af903c3c2d1dec7db8094d00cb1813e60
Last affected
a57be23251358e6ac97442ebde3dae8d95d94846
Last affected
ab7c2cb5f85ff8bc47014a355c648e568e218179

Affected versions

3.*

3.1.2
3.1.3
3.3.0
3.3.1

4.*

4.1.0
4.2.0-rc0

6.*

6.2.0
6.2.0-rc0
6.2.0-rc1
6.2.0-rc2
6.2.0-rc3
6.2.1
6.2.1-rc0
6.2.2
6.2.2-rc0

7.*

7.0.0-rc0