CVE-2017-5660

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2017-5660

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-5660.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2017-5660

Related

Published

2018-02-27T20:29:00Z

Modified

2025-01-08T04:43:24.197524Z

Severity

8.6 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

There is a vulnerability in Apache Traffic Server (ATS) 6.2.0 and prior and 7.0.0 and prior with the Host header and line folding. This can have issues when interacting with upstream proxies and the wrong host being used.

References

Affected packages

Debian:11 / trafficserver

Package

Name: trafficserver
Purl: pkg:deb/debian/trafficserver?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.1.2+ds-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / trafficserver

Package

Name: trafficserver
Purl: pkg:deb/debian/trafficserver?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.1.2+ds-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/apache/trafficserver

Affected ranges

Type: GIT
Repo: https://github.com/apache/trafficserver
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

0b7b630858b4983d077a63074776abdfa48778f8

Last affected

1f1d708bbf4bbcd64cb0dbd82a2bbc838c630041

Last affected

5a27a40000db0b8f8edee7e99cd65ecb710239b2

Last affected

6c1c6cf20e7d0e287d697a0f4181436013d17c30

Last affected

6d6c6f2af903c3c2d1dec7db8094d00cb1813e60

Last affected

a57be23251358e6ac97442ebde3dae8d95d94846

Last affected

ab7c2cb5f85ff8bc47014a355c648e568e218179

Affected versions

3.*

3.1.2

3.1.3

3.3.0

3.3.1

4.*

4.1.0

4.2.0-rc0

6.*

6.2.0

6.2.0-rc0

6.2.0-rc1

6.2.0-rc2

6.2.0-rc3

6.2.1

6.2.1-rc0

6.2.2

6.2.2-rc0

7.*

7.0.0-rc0