Vulnerability Description
Apache Traffic Server 5.1.x before 5.1.1 allows remote attackers to bypass access restrictions by leveraging failure to properly tunnel remap requests using CONNECT.
CVSS Score
9.8
CRITICAL
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Traffic Server | 5.1.0 |
Related Weaknesses (CWE)
References
- http://mail-archives.apache.org/mod_mbox/www-announce/201411.mbox/%3C20141101231
- http://www.securityfocus.com/bid/101630Third Party AdvisoryVDB Entry
- https://issues.apache.org/jira/browse/TS-2677Issue TrackingPatchVendor Advisory
- http://mail-archives.apache.org/mod_mbox/www-announce/201411.mbox/%3C20141101231
- http://www.securityfocus.com/bid/101630Third Party AdvisoryVDB Entry
- https://issues.apache.org/jira/browse/TS-2677Issue TrackingPatchVendor Advisory
FAQ
What is CVE-2014-3624?
CVE-2014-3624 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Apache Traffic Server 5.1.x before 5.1.1 allows remote attackers to bypass access restrictions by leveraging failure to properly tunnel remap requests using CONNECT.
How severe is CVE-2014-3624?
CVE-2014-3624 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2014-3624?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Traffic Server.