Description

Apache Traffic Server 5.1.x before 5.1.1 allows remote attackers to bypass access restrictions by leveraging failure to properly tunnel remap requests using CONNECT.

Remediation

References

CVE-2014-3624

Related Vulnerabilities

Oracle Application Server CVE-2007-5516 Vulnerability (CVE-2007-5516)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-4293)

WordPress Plugin All Video Gallery SQL Injection (1.2)

XOOPS Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2006-2516)

WordPress Plugin WP Maintenance Mode & Site Under Construction Cross-Site Request Forgery (1.8.2)

Severity

Critical

Classification

CVE-2014-3624 CWE-284 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities