Description

Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.

Remediation

References

CVE-2010-2952

Related Vulnerabilities

WordPress Plugin Booking Calendar Cross-Site Request Forgery (4.1.5)

WordPress Plugin Enable Media Replace Directory Traversal (3.6.3)

phpMyAdmin Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2016-9866)

XWiki Improper Restriction of XML External Entity Reference Vulnerability (CVE-2023-27480)

Serendipity Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2007-6205)

Severity

Medium

Classification

CVE-2010-2952 CWE-20

Tags

Missing Update Known Vulnerabilities