Description

There is a vulnerability in Apache Traffic Server (ATS) 6.2.0 and prior and 7.0.0 and prior with the Host header and line folding. This can have issues when interacting with upstream proxies and the wrong host being used.

Remediation

References

CVE-2017-5660

Related Vulnerabilities

WordPress Plugin WordPress Photo Gallery by Gallery Bank Unspecified Vulnerability (4.0.48)

WordPress Plugin Mingle Forum Multiple Cross-Site Request Forgery Vulnerabilities (1.0.34)

WordPress Plugin AccessPress iFeeds includes Backdoor [Only if downloaded via the vendor website] (4.0.3)

Oracle HTTP Server Other Vulnerability (CVE-2006-5346)

Django Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-12308)

Severity

High

Classification

CVE-2017-5660 CWE-20 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities