Description

Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.

Remediation

References

CVE-2010-2952

Related Vulnerabilities

WordPress Plugin Fancy Product Designer-WooCommerce Cross-Site Scripting (3.4.1)

Apache HTTP Server Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2022-30522)

Plone CMS URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2017-1000481)

WebLogic CVE-2021-2378 Vulnerability (CVE-2021-2378)

WordPress Plugin UK Cookie Consent Cross-Site Scripting (2.3.9)

Severity

Medium

Classification

CVE-2010-2952 CWE-20

Tags

Missing Update Known Vulnerabilities