CVE-2020-9481 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
apache	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 89%

Vendor	Product	Version
apache	traffic_server	6.0.0 ≤ 𝑥 ≤ 6.2.3
apache	traffic_server	7.0.0 ≤ 𝑥 ≤ 7.1.9
apache	traffic_server	8.0.0 ≤ 𝑥 ≤ 8.0.6
debian	debian_linux	10.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

trafficserver

bullseye	8.1.10+ds-1~deb11u1 fixed
bullseye (security)	8.1.11+ds-0+deb11u1 fixed
bookworm	9.2.4+ds-0+deb12u1 fixed
bookworm (security)	9.2.5+ds-0+deb12u1 fixed
sid	9.2.5+ds-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

trafficserver

noble	not-affected
mantic	not-affected
lunar	not-affected
kinetic	not-affected
jammy	not-affected
impish	not-affected
hirsute	not-affected
groovy	not-affected
focal	needs-triage
eoan	ignored
bionic	needs-triage
xenial	needs-triage
trusty	dne

Common Weakness Enumeration

CWE-400 - Uncontrolled Resource Consumption
The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References

https://lists.apache.org/thread.html/r21ddaf0a4a973f3c43c7ff399ae50d2f858f13f87bd6a9551c5cf6db%40%3Cannounce.trafficserver.apache.org%3E

https://www.debian.org/security/2020/dsa-4672

https://lists.apache.org/thread.html/r21ddaf0a4a973f3c43c7ff399ae50d2f858f13f87bd6a9551c5cf6db%40%3Cannounce.trafficserver.apache.org%3E

https://www.debian.org/security/2020/dsa-4672