CVE-2020-17509 — HIGH (7.5)

Q: How severe is CVE-2020-17509?

CVE-2020-17509 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-17509?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Traffic Server.

Vulnerability Description

ATS negative cache option is vulnerable to a cache poisoning attack. If you have this option enabled, please upgrade or disable this feature. Apache Traffic Server versions 7.0.0 to 7.1.11 and 8.0.0 to 8.1.0 are affected.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Apache	Traffic Server	>= 6.0.0, <= 6.2.3

Related Weaknesses (CWE)

CWE-444

References

https://lists.apache.org/thread.html/raa9f0589c26c4d146646425e51e2a33e1457492df9Mailing ListVendor Advisory
https://lists.apache.org/thread.html/raa9f0589c26c4d146646425e51e2a33e1457492df9Mailing ListVendor Advisory

FAQ

What is CVE-2020-17509?

CVE-2020-17509 is a vulnerability with a CVSS score of 7.5 (HIGH). ATS negative cache option is vulnerable to a cache poisoning attack. If you have this option enabled, please upgrade or disable this feature. Apache Traffic Server versions 7.0.0 to 7.1.11 and 8.0.0 t...

How severe is CVE-2020-17509?

CVE-2020-17509 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-17509?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Traffic Server.