Description

Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server.  The configuration option proxy.config.http.push_method_enabled didn't function.  However, by default the PUSH method is blocked in the ip_allow configuration file.This issue affects Apache Traffic Server: from 8.0.0 through 9.2.0. 8.x users should upgrade to 8.1.7 or later versions 9.x users should upgrade to 9.2.1 or later versions

Remediation

References

CVE-2023-30631

Related Vulnerabilities

Java Unspesificed Vulnerability (CVE-2019-2766)

WordPress Plugin LifterLMS-WP LMS for eLearning, Online Courses, & Quizzes SQL Injection (7.6.2)

WordPress Plugin WordPress PDF Light Viewer Command Injection (1.4.11)

WordPress Plugin OnePress Social Locker Multiple Unspecified Vulnerabilities (4.2.5)

IBM RTC Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-1893)

Severity

High

Classification

CVE-2023-30631 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities