Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Apache Traffic Server Improper Input Validation Vulnerability (CVE-2010-2952)

Description

Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.

Remediation

References

Related Vulnerabilities

WordPress Plugin PHPFreeChat 'url' Parameter Cross-Site Scripting (0.2.8)

OpenSSL Resource Management Errors Vulnerability (CVE-2014-3506)

WordPress 4.7.x Multiple Vulnerabilities (4.7 - 4.7.17)

WordPress Plugin WPshop-eCommerce Arbitrary File Upload (1.3.9.5)

WordPress Plugin VM Backups Cross-Site Request Forgery (1.0)

Severity

Medium

Classification

CVE-2010-2952 CWE-20

Tags

Missing Update Known Vulnerabilities