CVE-2020-17509

Source
https://nvd.nist.gov/vuln/detail/CVE-2020-17509
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-17509.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2020-17509
Downstream
Published
2021-01-11T10:15:13Z
Modified
2025-09-19T12:08:29.010144Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Summary
[none]
Details

ATS negative cache option is vulnerable to a cache poisoning attack. If you have this option enabled, please upgrade or disable this feature. Apache Traffic Server versions 7.0.0 to 7.1.11 and 8.0.0 to 8.1.0 are affected.

References

Affected packages

Git / github.com/apache/trafficserver

Affected versions

8.*

8.0.0
8.0.0-rc4
8.0.1
8.0.1-rc0
8.0.2
8.0.2-rc0
8.0.3
8.0.3-rc0
8.0.4
8.0.4-rc0
8.0.5
8.0.6
8.0.6-rc0
8.0.6-rc1
8.0.7
8.0.7-rc0