WEB APPLICATION VULNERABILITIES Standard & Premium

Apache Traffic Server Improper Input Validation Vulnerability (CVE-2010-2952)

Description

Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.

Remediation

References

Related Vulnerabilities

Magento Observable Differences in Behavior to Error Inputs Vulnerability (CVE-2020-9690)

phpMyAdmin Other Vulnerability (CVE-2004-1148)

WordPress Plugin Contact Form DB Cross-Site Request Forgery (2.8.31)

WordPress Plugin MarketPress-WordPress eCommerce PHP Object Injection (3.2.6)

WordPress Plugin Magic Fields 2 Unspecified Vulnerability (2.3.2.2)

Severity

Medium

Classification

CVE-2010-2952 CWE-20

Tags

Missing Update Known Vulnerabilities