Zero-friction vulnerability management platform

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

Apache Traffic Server (ATS) Multiple HTTP/2 DoS vulnerabilities

Information

Severity

Severity

High

Family

Family

Denial of Service

CVSSv2 Base

CVSSv2 Base

7.8

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Solution Type

Solution Type

Vendor Patch

Created

Created

3 years ago

Modified

Modified

3 years ago

Summary

Apache Traffic Server is prone to multiple denial of service vulnerabilities in the HTTP/2 implementation.

Insight

Insight

Apache Traffic Server is prone to multiple denial of service vulnerabilities: - Ping Flood (CVE-2019-9512) - Reset Flood (CVE-2019-9514) - Settings Flood (CVE-2019-9515) - Malformed SETTINGS frames (CVE-2019-10079)

Affected Software

Affected Software

Apache Traffic Server versions 6.0.0 - 6.2.3, 7.0.0 - 7.1.6 and 8.0.0 - 8.0.3.

Detection Method

Detection Method

Checks if a vulnerable version is present on the target host.

Solution

Solution

Update to version 7.1.7, 8.0.4 or later.

Common Vulnerabilities and Exposures (CVE)