Back to search
CVE-2010-2952
Published: Sep 13, 2010
Modified: Aug 7, 2024
PUBLISHED
Description
Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
43111
vdb-entry
x_refsource_BID
https://issues.apache.org/jira/browse/TS-425
x_refsource_CONFIRM
41356
third-party-advisory
x_refsource_SECUNIA
http://www.nth-dimension.org.uk/pub/NDSA20100830.txt.asc
x_refsource_MISC
apache-traffic-cache-poisoing(61721)
vdb-entry
x_refsource_XF
1024417
vdb-entry
x_refsource_SECTRACK
http://trafficserver.apache.org/
x_refsource_CONFIRM
20100908 Medium security flaw in Apache Traffic Server
mailing-list
x_refsource_BUGTRAQ
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now